Internet of Things (IoT) connects different types of sensors and intelligent devices to collect a range of data under the globalization economic integration background. Hence, it is very crucial to prevent data leakage and enhance information security for smart terminals, especially in product authorization chains. To solve data communication security problems between smart devices and servers, this paper proposes the polymorphic key exchange protocol for the authorization chain smart terminal, which ensures data transmission security between the two parties. This paper provides a crucial model definition of the product authorizing process in product authorization chains, and designs an improved PRNG (Pseudo Random Number Generator) that is constructed by random group to accomplish the polymorphic key exchange protocol. The security analysis shows that the polymorphic key exchange protocol is secure to some attacks. Finally, we test and verify that the improved PRNG for the polymorphic key exchange protocol satisfies the strict avalanche criterion by extensive experiment, and compare with the avalanche effect of Data Encryption Standard (DES) and Advanced Encryption Standard (AES). The experimental data shows the improved PRNG has same input bit with DES, but its anti-differential attack performance is in common with 128-bit AES, which demonstrates it is secure to brute-force attack.