The invention belongs to the communication technical field, relating to the safety problem of network communication, in particular to the three party key exchange protocol, namely, 3PAKE protocol focusing on password authentication of a network structure. Basing on the CDH assumption and using the difficulty of discrete logarithm and the unilateralism of hash function, the invention includes three key steps that firstly, the certifications of the two users asking for communication are certified by the server; secondly, the certification of the server is verified by the two users asking for communication; thirdly, certifications of the two users asking for communication are mutually verified. The invention overcomes the vulnerabilities of masquerading attack for the starter, masquerading attack from the responder, the attack from the middleman and the on-line password guess attack all existed in the S-3PAKE protocol; has the capacities of resisting frequent attack, the attack from the middleman, the masquerading attack from the starter, the masquerading attack from the responder, the off-line guess attack and the replay attack; has forward security and known key security; and also has the characteristic of perfectly resisting on-line guess attack.