EAP authentication method capable of hiding identities and suitable for resource-constrained terminal

The invention belongs to an information safety technology, and particularly relates to an EAP authentication method capable of hiding identities and suitable for a resource-constrained terminal in a WLAN. The EAP authentication method comprises the steps that a client end sends an identity label Client ID to a server end, and if the identity label is not consistent, disconnection is conducted; if the identity label is correct, authentication is started; the client end and the server end need to have a PSK, and a hash function is used for deducing an AK and an EK needed for authentication through the PSK; bidirectional authentication is conducted on the client end and the server end; the server end sends a character string which is randomly generated to be used as a new identification to replace an old identification to the client end, and the new identification is used for authentication when the client end is connected next time. Through the EAP authentication method capable of hiding the identities and suitable for the resource-constraint terminal, the idea of symmetric encryption is used in the entire authentication process, so that operation is reduced, and deployment of the resource-constrained terminal is facilitated. A new user identity identification is allocated to the client end every time, the identity of a user can be dynamically protected, and the identity of the user is hidden.