The invention discloses an IBAKA (Identity Based Authentication and Key Agreement) method. The method comprises the following steps that: a user at a sending terminal generates first authentication data for authenticating the identity of the user at the sending terminal and sends the first authentication data to a user at a receiving terminal; the user at the receiving terminal carries out legality authentication on the identity of the user at the sending terminal according to the received first authentication data; if authenticating that the identity of the user at the sending terminal is legal, the user at the receiving terminal generates second authentication data which does not contain key information of the user at the sending terminal, sends the second authentication data to the user at the sending terminal and generates a conversation key of the receiving terminal; the user at the sending terminal carries out legality authentication on the identity of the user at the receiving terminal according to the received second authentication data; and if the identity of the user at the receiving terminal is authenticated to be legal by a sensing terminal, the user at the sending terminal generates a conversation key of the sending terminal. The method disclosed by the invention can be used for solving the problem that a risk of denial of service attack, key leakage impersonation attack or temporal key leakage attack exists in an IBAKA protocol.