The invention provides a bidirectional authentication method and device. The method comprises the following steps. The client receives a server certificate, a second random number, a target password suite and a server public key, which the server sends in response to an authentication request. If the server certificate is verified to have been signed and issued by a preset signing and issuing mechanism, the client obtains the data in the server certificate; if those data are consistent with the data provided by the server, the client generates a third random number and generates a first main communication password through a preset key exchange algorithm. The client encrypts the third random number with the server public key to obtain an encrypted third random number, generates a client communication ciphertext using the first main communication password and the target password suite, and sends the encrypted third random number, the client certificate and the client communication ciphertext to the server. After a server-side communication ciphertext returned by the server is received, it is decrypted according to the first main communication password and the target password suite; if the data carried in the server-side communication ciphertext have not been tampered with, the bidirectional authentication is confirmed to have passed.
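The handshake described above, simulated end to end with both sides' messages, as an added example that is not code from the patent or from any product implementing it. Every primitive is a stand-in so that it runs on the Python standard library alone (an HMAC in place of the issuer's signature, textbook RSA with two small primes in place of the server key, an HMAC-based derivation in place of the preset key exchange algorithm, and an integrity tag in place of the communication ciphertexts); the step in which the server checks the client certificate against the preset issuer is an assumption about how the bidirectional part is completed, since the abstract only says the client certificate is sent. The names `ISSUER_KEY`, `SUITES`, `run_handshake` and the certificate layout are all constructed here.

```python
"""Constructed simulation of the handshake in the abstract above. Every primitive
is a labelled stand-in chosen so the file runs on the Python standard library
alone; none of them comes from the patent:
  - preset signing mechanism : HMAC-SHA256 under a key held by the issuer
  - server public key        : textbook RSA with two small fixed primes (toy)
  - key exchange algorithm   : HMAC-SHA256 over the second and third random numbers
  - communication ciphertext : an integrity tag over the transcript (no AES in
    the standard library), so 'decrypting' it here means verifying the tag
"""
import hashlib
import hmac
import secrets

ISSUER_KEY = b"constructed-preset-issuer-key"          # assumption: the preset issuer
SUITES = {"CONSTRUCTED_SUITE_SHA256": hashlib.sha256}  # assumption: target password suite

# Toy RSA key pair for the server: 65537 and 65539 are prime, so n > 2**32 and a
# 32-bit third random number encrypts without padding (real keys are 2048+ bits).
P_TOY, Q_TOY = 65537, 65539
N_TOY, E_TOY = P_TOY * Q_TOY, 17
SERVER_PUBLIC = (N_TOY, E_TOY)
SERVER_PRIVATE = (N_TOY, pow(E_TOY, -1, (P_TOY - 1) * (Q_TOY - 1)))


def certificate_body(subject, public_key):
    return f"{subject}|{public_key[0]}|{public_key[1]}".encode()


def issue_certificate(subject, public_key, issuer_key=ISSUER_KEY):
    """Bind a subject to a public key and sign the binding. issuer_key can be
    overridden to produce a certificate from a non-preset issuer for testing."""
    tag = hmac.new(issuer_key, certificate_body(subject, public_key), hashlib.sha256)
    return {"subject": subject, "public_key": public_key, "signature": tag.digest()}


def signed_by_preset_issuer(cert):
    body = certificate_body(cert["subject"], cert["public_key"])
    expected = hmac.new(ISSUER_KEY, body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, cert["signature"])


def derive_main_password(second_random, third_random):
    """Stand-in for the preset key exchange algorithm: both sides compute the same
    first main communication password from the server's and client's randoms."""
    return hmac.new(second_random, third_random, hashlib.sha256).digest()


def communication_ciphertext(main_password, suite, role, transcript):
    """Tag over the transcript keyed by the main password. A verifying tag proves
    the peer holds the same main password and the transcript was not tampered."""
    return hmac.new(main_password, role + transcript, SUITES[suite]).digest()


def run_handshake(server_cert, server_private, client_cert, tamper_server_ciphertext=False):
    """Return True when bidirectional authentication passes, False otherwise."""
    suite = "CONSTRUCTED_SUITE_SHA256"
    # 1. client -> server: authentication request carrying a first random number
    first_random = secrets.token_bytes(16)
    # 2. server -> client: server_cert, second random number, suite, SERVER_PUBLIC
    second_random = secrets.token_bytes(16)
    # 3. client: the certificate must come from the preset issuer, and the data in
    #    it must agree with what the server presented (here: its public key)
    if not signed_by_preset_issuer(server_cert):
        return False
    if server_cert["public_key"] != SERVER_PUBLIC:
        return False
    third_random = secrets.token_bytes(4)  # 32 bits so it stays below the toy modulus
    main_password = derive_main_password(second_random, third_random)
    n, e = SERVER_PUBLIC
    encrypted_third = pow(int.from_bytes(third_random, "big"), e, n)
    transcript = first_random + second_random + suite.encode()
    client_ct = communication_ciphertext(main_password, suite, b"client", transcript)
    # 4. server: recover the third random number, authenticate the client certificate
    #    against the preset issuer, derive the same main password, verify client_ct
    n, d = server_private
    recovered_third = pow(encrypted_third, d, n).to_bytes(4, "big")
    if not signed_by_preset_issuer(client_cert):
        return False
    server_main = derive_main_password(second_random, recovered_third)
    expected_client = communication_ciphertext(server_main, suite, b"client", transcript)
    if not hmac.compare_digest(expected_client, client_ct):
        return False
    server_ct = communication_ciphertext(server_main, suite, b"server", transcript + client_ct)
    if tamper_server_ciphertext:  # simulate an on-path modification of the reply
        server_ct = bytes([server_ct[0] ^ 0x01]) + server_ct[1:]
    # 5. client: verify the server-side ciphertext with its own main password; only
    #    then is bidirectional authentication confirmed to pass
    expected_server = communication_ciphertext(main_password, suite, b"server", transcript + client_ct)
    return hmac.compare_digest(expected_server, server_ct)


# Constructed certificates from the preset issuer for a normal run.
SERVER_CERT = issue_certificate("server", SERVER_PUBLIC)
CLIENT_CERT = issue_certificate("client", (N_TOY, 3))  # client key value is unused in this flow

if __name__ == "__main__":
    print("handshake passes:", run_handshake(SERVER_CERT, SERVER_PRIVATE, CLIENT_CERT))
    print("tampered reply rejected:", not run_handshake(SERVER_CERT, SERVER_PRIVATE, CLIENT_CERT, True))
```

The four negative paths worth exercising are the ones the abstract's checks are there to catch: a server certificate from an issuer other than the preset one, a certificate whose data do not match the public key the server presented, a client certificate the server cannot trace to the preset issuer, and a server-side communication ciphertext altered in transit; each makes `run_handshake` return `False`, while an unmodified run returns `True`.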