Abstract: In order to achieve secure mobile application services, a distributed authentication protocol is presented.Based on the pervasiveness of SMS (short message service) , the protocol uses SMS messages to transmit authentication data.It provides the mutual authentication between any users and any application services in local area or different trusted areas.Mobile stations only need to send one short message to services.The protocol adopts the hybrid cryptography.Smart cards in it are to protect users' secret.The protocol uses hash chain mechanism to decrease protocol cost for next authentication between user and service.Hence, the user's computation cost and the communication cost fit mobile station.Furthermore, the protocol provides more security features, such as user anonymity, non-repudiation and et al.