In the traditional anonymous roaming mechanism of wireless network, remote network authentication server (RS) can not directly authenticate the identity legitimacy of roaming mobile nodes. Thus, only with the aid of home domain authentication server (HS) can RS fulfill the authentication, which results in longer time delay in roaming communication and failure to meet the fast roaming needs of sensor subnets. To address the defects mentioned above, this paper proposes a direct anonymous authentication protocol with provable secure mobile nodes in Internet of things, enabling the mobile nodes to fulfill the legitimacy authentication of their identity through one round of message exchange with RS. The protocol proposed in this paper not only achieves the legitimacy authentication of anonymous identity, but also has shorter time delay and higher operating efficiency and good anti-attack capability. Fast roaming also makes it more suitable for the environment of Internet of things in comparison with the traditional anonymous roaming protocol. The security proof shows that the new protocol is provably secure in the CK security model.