The invention relates to a mutual authentication method between a terminal and a server. The method comprises that: the terminal generates an identity number and a first random number and sends the identity number and the first random number to the server; the server verifies whether the identity number exists in a database of the server; the server generates a first operation result according tothe identity number, the first random number and a server secret key, and the first operation result and a second random number are transmitted to the terminal; the terminal generates a second operation result according to the identity number, the first random number and the server secret key and carries out authentication on the server according to the first and second operation results; the terminal generates a third operation result according to the second random number and a terminal secret key and sends the third operation result to the server; and the server generates a fourth operationresult according to the second random number and the terminal secret key and carries out authentication on the terminal according to the third and fourth operation results.