The Station-to-Station (STS) protocol is a well known two-party key agreement scheme that provides mutual entity authentication, key confirmation and forward secrecy. Al-Riyami and Paterson (2003) extended the STS protocol to the tripartite case, which is called TAKC-STS and is believed to be secure and pass-optimal for tripartite key confirmation protocols. However, in this paper, we will show that the TAKC-STS protocol cannot resist the man-in-the-middle attack and the insider attack. We then propose a secure tripartite STS protocol to conquer the weaknesses, and prove the security in the random oracle model.