The Andrew Secure Remote Procedure Call (RPC) is a protocol that allows two parties to establish a new cryptographic key. The protocol was originally designed to work on the Andrew network of Carnegie Mellon University, USA. Its concept and method can now be used to enhance security of communications on different modules in smart cards, computer networks and the Internet. There have been many varieties of the protocol since it was designed. We questioned whether or not those existing Andrew Secure RPC varieties were really secure and efficient. It is shown in this paper that most of them are indeed not secure, and their efficiency can be improved. We carried out security analyses and experiments to illustrate that our proposed protocol here is more secure and 25% more efficient, in terms of speed, than the others. Copyright © 2013 John Wiley & Sons, Ltd.