This paper analyzes the traditional anonymous roaming authentication protocol, and points out the deficiencies of their uncontrolled anonymity and communication delay. A controllable anonymous roaming authentication protocol is proposed in this paper for heterogeneous wireless networks. This protocol can complete verifying the legitimacy of the identity of the mobile terminal through one message interaction. If the mobile terminal has malicious operation, the home network authentication server can help remote network authentication server to revoke the identity anonymity of the mobile terminal. The protocol accomplishes anonymous authentication and possesses controllability on malicious anonymity at the same time, thus effectively preventing the occurrence of malicious behavior and the communication delay. This protocol is safe in the CK security model.