In a machine-to-machine (M2M) environment, a device is itself a communication subject, and machines and gateways are important communication subjects. A machine can collect or store information about its surroundings according to the user's intention. Among the information collected by the machine, there are cases that infringe on another person's privacy, such as when the user or communication chairman who requests communication does not pass through a certification process. Therefore, we propose privacy problem solving using device and user authentication (PSDUA), which supports the certification process between the device and the user as communication subjects in an M2M environment and supports the user in further certification work for various services. PSDUA proposes a design that can pass through a light certification process based on the existing system. For example, Kerberos and public key infrastructure (PKI) can support a very heavy certification process, but our proposed scheme cannot. However, our proposed system operates easily and quickly, and gradual access may be possible using a time stamp, device identification, and user log-in information. It can also protect the private information of other persons or machines that are not the subject of communication. Additionally, we check confidentiality, integrity, and safety against machine-in-the-middle attacks, and show the safety of our proposed system. Our proposed scheme will provide solutions to various security and privacy problems. Copyright © 2013 John Wiley & Sons, Ltd.