Quite recently, Yang et al. presented an efficient three-party authenticated key exchange protocol based upon elliptic curve cryptography (ECC) for mobile-commerce environments. In this paper, we demonstrate that Yang et al.'s three-party authenticated protocol is potentially vulnerable to an unknown key-share attack and impersonation attack. Thereafter, we suggest a secure and efficient three-party authenticated key exchange protocol for mobile-commerce environments. Our improved protocol has the following advantages over Yang et al.'s protocol: (1) our scheme combines two factors to strengthen its authentication mechanism; (2) our scheme simply utilizes each user's unique identity to accomplish authentication, eliminating maintenance of a lot of users' keys; (3) our scheme carries the rigorous proof of the security. Furthermore, our scheme is more efficient than Yang et al.'s scheme. Therefore, the end result is more suited to be a candidate for implementation in mobile-commerce environments.