In the IoT environment, a large amount of personal information and environmental data are collected and processed by the sensing layer, which will contain some private data. Therefore, how to define the user's data access rights becomes a major challenge for the security of the Internet of Things. In addition, mobile users of the Internet of Things interact with the network frequently, and the security of their own information needs to be protected, so anonymous data access becomes another security goal that needs to be achieved. In order to realize the data access control of the Internet of Things and the anonymous data access of users, it is proposed that a Ciphertext-Policy Attribute-based Encryption (CP-ABE)-based access control mechanism. CP-ABE allows data sources to encrypt data while implementing a secure access policy, so only authorized data users with the desired attributes can decrypt the data.