This paper proposes an identity authentication scheme for an Internet of Things (IoT) in public safety, including computational and energy resource-constrained sensors for on-site first responders. In addition, we focus on reducing the computational burden. With the development of information and communication technologies, the related work of IoT has become increasingly mature, and the application of IoT has been extended more widely. Recently, many researchers have studied how to construct temporary IoT communication for public safety missions, such as the disaster area of a wind hazard, an earthquake, or other disasters. Most of the communication equipment might be destroyed or unstable in a disaster area. Providing full resources and immediate support for responders and instantly supporting the implementation of a relief assignment require construction of a temporary communication network. If a commander receives useful information regarding the event scene, he or she can conduct and monitor the status of a mission. The application of an IoT in public safety must take security into account. In particular, communication regarding a crime scene not only is affected by the natural environment but might also be subject to malicious destruction. In this paper, we propose a lightweight authentication and key establishment protocol for IoT that not only supports user anonymity but also resists the repeating of an attack to ensure conformity with a session key. A security and performance analysis shows that the proposed scheme has robust and effective authentication comparable to related work.