The present invention relates to a security association negotiation method of extensible authentication protocol (EAP) for authenticating a subscriber station user in a wireless portable Internet system. An exemplary security association negotiation method using a user authentication in a wireless portable Internet system according to an embodiment of the present invention includes following steps. A base station generates an authentication key for authenticating a user of a subscriber station. The base station receives a security association capability request message including security association capability information of the subscriber station from the subscriber station after generating the authentication key. The base station determines whether the base station is able to accept a security association capability of the subscriber station included in the security association capability request message. The base station transmits a security association capability response message including the security association capability information which is selected for a security association with the subscriber station by the base station when the security association capability of the subscriber station can be accepted. According to the present invention, a subscriber authentication for EAP may be efficiently performed without an additional message after a handover.