At　present,　most　of　the　Session　Initiation　Protocol　(SIP)　authentication　mechanisms　provide　only　the　server-to-client　authentication,　besides,　password　changing　also　can＇t　be　completed　through　SIP　messages.　This　paper　analyzes　the　defects　existing　in　the　traditional　authentication　process,　and　put　forward　a　new　kind　of　authentication　mechanism,　which　provides　server-to-client　and　client　-to-　server　authentication,　and　password　changing　as　needed.