A protocol for secure communication between set-top box and smart card in conditional access system is proposed. The proposed protocol uses the Schnorr identification scheme to achieve the authentication of smart card to settop box and uses an asymmetric cryptosystem to achieve the authentication of set-top box to smart card. Both security and performance of the proposed protocol are analyzed and a comparison between the proposed protocol and a previous protocol is provided. The result shows that the protocol is more secure at the cost of a little more computation spending and very applies to smart card with limited processing power. Moreover, the protocol makes it possible that various conditional access systems use the same set-top box because it is not necessary for set-top box to store any secret proprietary data of conditional access system in advance in the protocol.