In recent years, the internet of things has been widely utilized in various fields, such as in smart factories or connected cars. As its domain of application has expanded, it has begun to be employed using multi-server architectures for a more efficient use of resources. However, because users wishing to receive IoT services connect to multi-servers over wireless networks, this can expose systems to various attacks and result in serious security risks. To protect systems (and users) from potential security vulnerabilities, a secure authentication technology is necessary. In this paper, we propose a smart card-based authentication protocol, which performs the authentication for each entity by allowing users to go through the authentication process using a smart card transmitted from an authentication server, and to login to a server connected to the IoT. Furthermore, the security of our proposed authentication protocol is verified by simulating a formal verification scenario using AVISPA, a security protocol-verification tool.