The invention provides a security authentication method, and relates to the technical field of information security. The method comprises the following steps: when a service starting instruction is received through a client, sending a service request to a server; if an identity verification request returned by the server is received, performing signature password verification on the itself, and ifitself passes the signature password verification, sending a user digital signature and a user digital certificate to the server; if verification pass information returned by the server is received,sending a server signature verification request to the server; if the server digital signature and the server digital certificate returned by the server are received, verifying the server digital signature and the server digital certificate returned by the server; and if the verification is passed, establishing a secure channel with the server to avoid the problems of easy leakage of sensitive information in transaction data, access of unauthorized users to the server and access of counterfeit users to the server, and the security of the transaction data in the transmission process can be improved.