Various methods of authenticating an access terminal are presented in the case where the access terminal is roaming within a visited network. An access terminal sends a device authentication message to a visited validation server or a home validation server, where the device authentication message includes an access terminal identifier and authentication data generated at least in part using the validation key. In some embodiments, the authentication data may include a digital signature by a validation key associated with the access terminal identifier. Such a signature can be authenticated by either the visited validation server or the home validation server. In other embodiments, the authentication data may include an access terminal authentication token sent to the visited validation server. The visited validation server can authenticate the device authentication message by comparing the access terminal authentication token with an access terminal authentication token obtained from the home validation server.