Abstract: Pervasive computing raises new challenges to the security and privacy of the Internet communication，and conventional authentication protocols cannot meet the requirements of this new pervasive environment.A novel mutual authentication and key establishment scheme to secure the interactions between mobile users and service providers is proposed.Highly integrating biometric encryption and the Diffie-Hellman key exchange，the proposed protocol achieves mutual authentication without revealing any privacy information of the user.Secure session key establishment is enabled by the proposed algorithm.Differentiated service access control is also achieved with the biometric encryption.It is shown that the protocol can resist most of the attacks，especially the denial of service attack.

摘要： 普适计算的出现对网络通信中的安全和隐私提出了新的挑战，传统的认证技术已经不能满足普适环境的安全需求。提出了一种普适环境中用于完成服务使用者与提供者之间双向认证及密钥建立的机制。该机制高度融合了生物加密技术和Diffie-Hellman密钥交换技术，在不泄露用户隐私的情况完成双向认证。该机制提供了安全的建立密钥的算法，并且通过使用生物加密技术实现了访问控制策略的区别对待。经分析证明，该协议能很好地抵抗各种攻击，尤其是拒绝服务（DoS）攻击。