Abstract: As a result of the high mobility of the pervasive computing，the principles communicating with each other usually locate at different domains.To secure the service access and communications，the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol are proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication，the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

Key words: inter-domain authentication, key establishment, biometric encryption, signcryption, Pervasive Computing Environments（PCE）

摘要： 由于普适计算的高度移动性，通信的双方经常位于不同的区域，为了保证服务的合法访问以及消息的安全传输，需要进行跨域认证以及安全会话密钥建立。提出了一种新的跨域认证与密钥建立协议，该协议采用生物加密技术省去了证书管理的负担，合理设计了通信双方及其各自服务器之间的交互，完成了跨域双向认证，并采用签密技术为通信双方派生密钥。对协议进行了安全及性能的分析，并用经典的SVO逻辑证明了其正确性。

关键词: 跨域认证, 密钥建立, 生物加密, 签密, 普适计算环境