Smartphones are an integral part of the Internet of Things, connecting everyday objects such as homes, hospitals, and more to the internet and providing a platform for communication. To protect user data from unauthorized access, it is essential to incorporate cryptography technology into smartphone applications to ensure that data transmitted via wireless transmission is secure and shared only with the intended devices. This is due to the rapid rise of identity theft, data breaches, and attacks caused by weak authentication schemes, poor password management, and phishing. To combat these threats, it is important to incorporate secure authentication applications into smartphones. This thesis seeks to develop an authentication model that combines the use of a digital certificate and a secret key to encrypt and decrypt data. This model is designed to enable smartphone users to authenticate themselves with a digital certificate, allowing them to access applications from the user's device. The Rivest– Shamir–Adleman (RSA) algorithm is used to generate the key, and the digital certificate is then issued to verify the user's identity and the device's identity. The proposed model using RSA algorithm because RSA signature generation is essentially the process of raising a big integer to the power of the exponent of the private key. Because the RSA private keys may be selected with tiny exponents, which speeds up the signature creation process, this procedure is efficient. The thesis aims to investigate the authentication requirements for smartphone users, develop an authentication model for smartphone users, and evaluate the ability to authenticate users and devices in smartphone users. To achieve the objectives, the primary approach is to review the literature on authentication needs for smartphone devices, which leads to the implementation of digital certificates for both user and device authentication. The user and device authentication model, which implements digital certificates for smartphone users, consists of three phases: Registration Phase, Digital Certificate Phase, and Authentication Phase. To validate the model, two methods are employed. Firstly, qualitative testing is conducted by inviting expert reviews to provide their opinion on the model and all phases, as well as responding to questionnaires. Secondly, mathematical data is used to verify the flow of the model, using the formula contained therein. The model proposed can serve as a reference for smartphone applications, authenticating both users and devices together for enhanced verification that can protect data from unauthorized users and serve as a springboard for the implementation of security for applications in smartphones.