In this paper, we propose a handover authentication mechanism, called handover key management and authentication scheme (HaKMA), which as a three-layer authentication architecture is a new version of our previous work Diffie-Hellman-PKDS-based authentication method (DiHam for short) by improving its key generation flow and adding a handover authentication scheme to respectively speed up handover process and increase the security level for mobile stations (MS). AAA server supported authentication is also enhanced by involving an improved extensible authentication protocol (EAP). According to the analyses of this study, the HaKMA is more secure than the compared schemes, including the PKMv2 and DiHam.