Future　mobile　devices　are　expected　to　access　different　networks　(such　as　3rd　generation　network,　WLAN,　Bluetooth,　Internet,　and　etc).　Hence　many　sensitivity　data　are　stored　in　them.　How　to　protect　the　security　of　information　and　applications　about　mobile　devices　becomes　an　exigent　problem.　This　paper　proposes　a　secure　authentication　and　authorization　protocol　for　mobile　devices.　The　protocol　employs　biometric　identification　and　password　mechanism.　Different　users　could　access　different　information　and　applications,　which　are　associated　with　different　security　levels.　Users,　mobile　equipments　and　universal　subscriber　identity　module　(USIM)　could　mutual　authenticate.　Messages　are　encrypted　when　they　are　exchanged.　©2009　IEEE.