In deriving a cryptographic key from the response message in a challenge-response message in a challenge-response authentication, a checksum for the related response is calculated after receiving a challenge message and before the related response has been transferred. A cryptographic key is derived from the response, which is used to determine the cryptographic checksum. The cryptographic checksum is transferred in a first time period after receiving the challenge message. The response message is transferred during a later, second time period. The duration of validity of the key derived from the response message ends before the response message is transferred. A theoretical attacker who can overhear and manipulate the communication will not know the response message until a point in time when the cryptographic key which can be derived therefrom is already no longer valid.