How to construct secure key agreement protocol is one of the most challenging problems in information security area.However,most of the current secure protocols can only achieve "heuristic" security,the security assumptions and efficiencies of these protocols are not perfect.To solve these problems,the authors propose a new 2 rounds two-party authenticated key agreement protocol and point out some principles to construct a secure protocol by analyzing the security properties of the protocol,then prove strictly that the new protocol is secure in eCK model.According to pertinent literature,eCK model provides the strongest definition of security for two party key agreement protocol at present.Performance analysis shows that the protocol has a good balance between computational cost and security assumption.The authors also present a three-round variant of the protocol to realize key conformation property.