The communication model of Internet of Things (IOT) application has some shortcomings in user privacy protection and information security. To solve these shortcomings, we define the formal models of certificateless online/offline signcryption and propose a concrete certificateless online/offline signcryption scheme for IOT environment. Compared with the existing identity-based online/offline signcryption schemes that do not require the plaintext and the receiver's identity in the offline phase, our scheme has the great advantage of the offline computation cost, offline storage, ciphertext length, and receiver computation cost. Moreover, our scheme achieves known session-specific temporary information security, public verifiability with confidentiality and no key escrow problem. Copyright © 2013 John Wiley & Sons, Ltd.