IM (Instant Messaging) offers users the service of exchanging text messages, audios, videos and files instantly on a network. For many network users, IM becomes an indispensable tool for daily communications. So far, most sets of the IM software transmit instant messages in plaintext, and without a secure flawless authentication scheme between the server and users. These Flaws make the IM systems prone to eavesdrop attack, impersonation attack and server spoofing attack, which poses a threat to the users’ privacy. So it is necessary to enhance the security of IM systems by providing a flawless authentication scheme and the encryption approaches to secure the IM content in no time. This study, based on the three-party encrypted key exchange (EKE) protocol of Lee et al., designs a secure IM protocol and implements the IM system in the Java platform to verify that the proposed IM protocol is feasible. The proposed IM protocol not only enables the server and users to authenticate each other mutually but also generates a session key between the two users on communication after authenticating the validity of their identification. This session key is used to encrypt the IM content, protecting the instant messages sent on a network from being intercepted or misused by attackers, and therefore, meets the security requirements: authentication, confidentiality, integrity, and forward secrecy. In the security analysis, we also analyze several commom network attack methods and provide users with a more secure IM protocol.