At present, the rapid development of satellite capabilities has prompted the proposal of satellite–terrestrial integrated networks (STIN), which solves the problem of limited signal coverage of terrestrial cellular networks, further promotes the globalization process, and realizes global data sharing and on-demand use. However, due to the high openness of satellite-to-ground links in STIN, users are vulnerable to attacks such as eavesdropping, replay, tampering, and impersonation when requesting access to satellite nodes and obtaining subscription services. To ensure the security and reliability, many authentication protocols have been proposed, but there are still some shortcomings, such as high authentication overhead, vulnerability to certain attacks. In addition, for inter-satellite handovers caused by the highly dynamic topology of satellites, the computational overhead of existing handover authentication mechanisms is too high to be applied to frequent inter-satellite handover scenarios in STIN. To address the above issues, in this paper, we propose a new access and handover authentication protocol with batch verification for STIN, namely the AHA-BV protocol. The AHA-BV protocol not only realizes mutual authentication and key negotiation between users and satellite access points without the participation of the network control center, but also ensures the conditional anonymity of users during the access authentication phase. Furthermore, the lightweight batch verification mechanism reduces the risk of computing bottlenecks when resource-constrained satellites receive a large number of access authentication requests. Not only that, the AHA-BV protocol can also achieve sustained trust in subscription services from STIN with low computational overhead during the inter-satellite handover authentication phase. Formal and heuristic security analysis show that the AHA-BV protocol can meet the security requirements of STIN. Performance analysis indicates that the AHA-BV protocol has low authentication overhead while ensuring security, and is more suitable for users under satellite dynamic topology to access and obtain subscription services from STIN.