In the data transmission process of the Internet of Things, it is necessary to authenticate the identities of the communicating parties and encrypt the transmitted data. At present, a large number of authentication and key agreement schemes have been designed, but they are vulnerable to various attacks, such as smart card stolen attack and denial of service attack. In view of the problems of existing schemes, this study proposes a lightweight one-to-many authentication and key agreement scheme, using elliptic curve cryptography and XOR operation on the user and the sensor sides respectively to achieve mutual authentication and the method of a pre-shared key to expand the sensor side to multiple ones. Finally, through the comparison of functions, computation cost, and communication cost, it is shown that the proposed scheme is better than other schemes and is more suitable for multi-sensor scenarios.