This invention discloses an authentication method for broadband access users, in which, first of all, a user device obtains a certificate and digital signature of an access server and verifies its validity of the certificate and the effectiveness of the signature then sends the certificate and digital signature of the user, the access server verifies the validity and effectiveness of the user certificate and allows the user to access into the Internet, after the user device further verifies the effectiveness of the certificate of the access server, it keeps connection with the Internet. The entire authentication process of this invention contains mutual authentication of the access server and the access user and the two parties verify the validity and effectiveness of the certificates of the opposite party and the effectiveness of digital signature.