As　user＇s　certification　issues　by　the　only　certificate　authority　(CA),　the　existing　scheme　can　not　prevent　CA　to　get　the　user＇s　services　from　a　service　provider.　An　improved　scheme　was　presented.　In　that　scheme,　it　was　still　the　single　CA　model　and　the　two　stages.　Certificate　application　stage:　different　with　the　existing　scheme,　CA　issued　the　part　certificate　for　the　users　and　the　final　certificate　was　generated　by　adding　its　own　private　information.　Service　request　phase:　a　user　requested　service　to　a　service　provider　by　calculating　the　certificate　commitment,　in　the　stage,　even　though　CA　(or　other　attackers)　could　guess　correctly　the　final　user　certificate,　they　needed　to　solve　the　discrete　logarithm　problem　in　order　to　calculate　the　user＇s　certificate　commitment.　This　new　scheme　solves　the　existing　scheme　security　problem　and　its　safety　and　efficiency　have　also　improved　significantly　compared　with　the　similar　scheme.