提出了一种混合采用对称密码加密和公钥密码认证的第3代移动通信系统认证和密钥协商(UMTS AKA)协议。在该协议中,归属网络负责在线验证拜访网络公钥证书的有效性,然后生成一个简短的安全凭据,拜访网络通过向移动设备(ME)出示该凭据证实自己的身份,ME无需在线接收并验证拜访网络的公钥证书即可确认其身份,从而降低了ME的通信传输和计算开销。实现了拜访网络与归属网络之间的身份认证和消息安全传输,提高了UMTS AKA全过程的安全性。采用BAN逻辑证明了协议的安全性。与SPAKA协议和Lee方案的对比分析表明,所提出的协议效率更高。 A 3rd Generation Mobile Telecommunications System Authentication and Key Agreement (UMTS AKA) protocol is proposed, which uses a combination of symmetric cryptography and public-key cryptography. In this protocol, the home network is responsible for verifying the validity of the public key certificate online and generating a short security credential. The visited network authenticates itself by presenting the credential to the mobile device (ME). The ME does not need to receive and verify online Visiting the public key certificate of the network can confirm its identity, thus reducing the ME’s communication transmission and computing overhead. The authentication and message transmission between the visited network and the home network are realized, and the security of the whole UMTS AKA process is improved. BAN logic to prove the security of the agreement. A comparison with the SPAKA protocol and the Lee scheme shows that the proposed protocol is more efficient.