As the development of the Internet of Things(IOT), the security requirements of information for Radio Frequency Identification(RFID) system are increasing continuously. Although the RFID authentication protocols based on key array can solve the internal attack problem that is a security flaw of traditional RFID authentication protocols in the multiple entities environment, those protocols can cause the information leakage because they adopt the mechanism of switching entity information during authentication. To tackle with this problem, a Multiple Entities RFID Authentication Protocol(MERAP) based on zero-knowledge proof is designed. The protocol employs distributed key array structure to resist inner attack, and utilizes the zero knowledge proof scheme to realize the zero leakage sensitive of bidirectional authentication information. The security performance analysis results show the MERAP protocol can resist varied external attacks, including retransmission, tracking, denial of service and tampering, and internal attack with a slight increase at complexity and tag cost.