Abstract: Security and privacy are main restriction factors in the development of the Internet of Things(IOT). The external users need to directly access the sensor nodes to get data in IOT. In order to protect the security of data, we propose a user authentication and key agreement scheme based on heterogeneous wireless sensor networks. The proposed scheme can verify the identity of participants and establish a shared key between the user and senor node.The detailed analysis of the proposed scheme shows that the scheme is secure and efficient.