One of the biggest problems with the Industrial Internet of Things is keeping sensitive data safe from attackers. There are Internet of Things (IoT) sensors set up to collect information in this setting. Legitimate users can access this data remotely through the internet, but the data being carried via a public route raises security concerns. To address the problem of user anonymity, we suggest a new user-authenticated key agreement mechanism in our system. This system ensures that only approved users may access the service through sensor device. Users are authenticated using a combination of a smart card, password, PUF, and biometric data from a legally registered user, for a total of three layers of protection. Consequently, it improves the system’s overall safety. Also, the fuzzy extractor approach is used for authentic user authentication using biometrics. Then, we have a password phase, a biometric change phase where the password and fingerprint data may be altered, and a smart card cancellation phase where the card can be cancelled or blocked in the event that it is lost or stolen. Our suggested solution, therefore, offers better protection for data transfer in the IIoT than existing methods.