The Internet of things (IoT), as an extension of the Internet, has become a trend of network development nowadays. In order to protect the integrity and authenticity of the information in the IoT, an identity authentication protocol applied to the networked devices is designed in this paper, using the physical unclonable function (PUF) to extract the uniqueness and tamper resistance of the randomness in the manufacturing process of the physical device. We propose the protocol including the database, accessed devices, access devices and users in the specific network environment. Relying on the unique identification information generated by the PUF embedded in devices and passwords set by users, devices and users identities could be verified through zero-knowledge proofs. The performance analysis and the experiment at the end of this work show that our protocol provides users with a strong security guarantee for IoT devices.