The traditional authentication scheme in the single-server environment of the mobile internet has security problems, such as users needing to memorize different passwords corresponding to different servers, password leakage in traditional authentication methods, and so on. In order to solve the problems described above, this paper proposes a single-server environment authentication scheme based on SM9 algorithm for mobile internet. For different application systems, users that only needed to memorize a unified identification and password could pass through authentication in different application systems and obtained application services and resources. The proposed scheme combined the SM9 algorithm and password hiding to realize ciphertext transmission and mutual authentication, achieved higher security and robustness with one-time key. At the same time, the proposed scheme could reduce the user’s memory burden and offer a better application experience. Through security analysis, the proposed scheme can provide resistance to replay attacks, counterfeiting attacks, smartphone loss attacks and other common attacks. Through performance comparison, the proposed scheme has stronger robustness, higher security, better convenience and less computation cost than other similar schemes, and has high application value in high security scenario, such as mobile payment and contactless access control.