Traditional three-party authenticated key exchange (3PAKE) protocols face two common problems, one is that the shared key can be compromised, and the other is the high computational cost that is required to run them. With the rapid development of services such as cloud and ubiquitous computing, devices with relatively low computing power are becoming more widely used. Some studies have thus proposed 3PAKE protocols with elliptic curve cryptography to reduce the computational cost in a mobile commerce environment, but these not only cannot counteract impersonation attacks, but still have a relatively high computational cost. Therefore, this paper proposes a lightweight 3PAKE protocol with XOR (exclusive OR)-based operation that has the following characteristics: (1) less computational cost than the 3PAKE protocols with elliptic curve cryptography, (2) greater confidentiality with regard to sharing keys, and (3) the ability to resist impersonation attacks.