Abstract: In order to effectively improve the security performance of remote identity authentication protocol, a secure and efficient three factors identity authentication protocol is proposed by combining elliptic curve, challenge/response mechanism, biometrics, smart card and password authentication technology. The point multiplication of elliptic curve is adopted in the protocol, which improves the security and reduces the computational complexity. The two sides of authentication use three handshakes of challenge/response mechanism to realize two-way authentication. The protocol introduces random numbers and completes session key agreement. The safety of this protocol is based on the unidirectionality of Hash function, discrete logarithm problem of elliptic curve and the security characteristics of biometrics. Through the formal deduction of a variety of known attacks, it is proved that the protocol can resist various common attacks and has high security performance. Simulation results show that the protocol has higher computational efficiency.