Recently, Lu et al. presented an enhanced authenticated key agreement protocol based on elliptic curve cryptography and included their protocol in 3GPP2 specifications to improve the security of A-Key distribution. In this paper, we first show that the proposed protocol cannot resist an offline password guessing attack, and then present an enhanced protocol to remedy the security loopholes. Through this work, we also hope to contribute towards a better understanding of the importance and necessity of including the key derivation step in key agreement protocols.