The miniaturization of computing devices and the need for ubiquitous communication has augmented the demand for pervasive computing. Security demands that all devices in a pervasive system must be able to authenticate each other and communicate in a secure manner. This is usually achieved through a trusted third party like a public key infrastructure (PKI) or a key distribution centre (KDC). The establishment of such an entity in such a dynamic environment is neither feasible nor pragmatic. In this paper we present a novel mechanism for authentication and key exchange that can operate seamlessly in pervasive computing environments without the presence of a trusted third party. The proposed scheme has minimal computational requirements, which makes it most suitable for devices with limited resources.