In　order　to　achieve　secure　mobile　application　services,　a　distributed　authentication　protocol　is　presented.　Based　on　the　pervasiveness　of　SMS　(short　message　service),　the　protocol　uses　SMS　messages　to　transmit　authentication　data.　It　provides　the　mutual　authentication　between　any　users　and　any　application　services　in　local　area　or　different　trusted　areas.　Mobile　stations　only　need　to　send　one　short　message　to　services.　The　protocol　adopts　the　hybrid　cryptography.　Smart　cards　in　it　are　to　protect　users＇　secret.　The　protocol　uses　hash　chain　mechanism　to　decrease　protocol　cost　for　next　authentication　between　user　and　service.　Hence,　the　user＇s　computation　cost　and　the　communication　cost　fit　mobile　station.　Furthermore,　the　protocol　provides　more　security　features,　such　as　user　anonymity,　non-repudiation　and　et　al.