diff --git a/common/include/dm_constants.h b/common/include/dm_constants.h
index ef25722710182c6ee9332e4fb2c8251e8b96ad28..e888cde225c58344c6e0da51a09a42526f3c7075 100755
--- a/common/include/dm_constants.h
+++ b/common/include/dm_constants.h
@@ -184,6 +184,7 @@ extern const char* DM_VERSION_5_0_3;
 extern const char* DM_VERSION_5_0_4;
 extern const char* DM_VERSION_5_0_5;
 extern const char* DM_VERSION_5_1_0;
+extern const char* DM_VERSION_5_1_1;
 extern const char* DM_CURRENT_VERSION;
 extern const char* DM_ACL_AGING_VERSION;
 extern const char* DM_VERSION_5_0_OLD_MAX;      // Estimated highest version number of the old version
diff --git a/common/src/dm_constants.cpp b/common/src/dm_constants.cpp
index fe35b8f0fee1baa87e9337d018765a40e8266b01..73eee5e9c48dbb4fbd72ca726c2bb87022404878 100644
--- a/common/src/dm_constants.cpp
+++ b/common/src/dm_constants.cpp
@@ -172,7 +172,8 @@ const char* DM_VERSION_5_0_3 = "5.0.3";
 const char* DM_VERSION_5_0_4 = "5.0.4";
 const char* DM_VERSION_5_0_5 = "5.0.5";
 const char* DM_VERSION_5_1_0 = "5.1.0";
-const char* DM_CURRENT_VERSION = DM_VERSION_5_1_0;
+const char* DM_VERSION_5_1_1 = "5.1.1";
+const char* DM_CURRENT_VERSION = DM_VERSION_5_1_1;
 const char* DM_ACL_AGING_VERSION = DM_VERSION_5_1_0;
 const char* DM_VERSION_5_0_OLD_MAX = "5.0.99";       // Estimated highest version number of the old version
 } // namespace DistributedHardware
diff --git a/services/implementation/include/authentication_v2/dm_auth_state.h b/services/implementation/include/authentication_v2/dm_auth_state.h
index 87ebc199cec465ec5ada16db36c5993b07571ec0..e761287008a2a2dd77de8afdc459d2821d3f99ec 100644
--- a/services/implementation/include/authentication_v2/dm_auth_state.h
+++ b/services/implementation/include/authentication_v2/dm_auth_state.h
@@ -428,6 +428,8 @@ public:
     virtual ~AuthSrcCredentialAuthDoneState() {};
     DmAuthStateType GetStateType() override;
     int32_t Action(std::shared_ptr<DmAuthContext> context) override;
+private:
+    std::string GenerateCertificate(std::shared_ptr<DmAuthContext> context);
 };
 
 class AuthSinkCredentialAuthStartState : public DmAuthState {
@@ -486,6 +488,8 @@ public:
     virtual ~AuthSinkDataSyncState() {};
     DmAuthStateType GetStateType() override;
     int32_t Action(std::shared_ptr<DmAuthContext> context) override;
+private:
+    int32_t VerifyCertificate(std::shared_ptr<DmAuthContext> context);
 };
 
 class AuthSrcDataSyncState : public DmAuthState {
diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_acl.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_acl.cpp
index 950e09b05326b0e591cf19a63e24f51363b0570c..40a6620897f1b14dd13874948c57282e22345424 100644
--- a/services/implementation/src/authentication_v2/auth_stages/auth_acl.cpp
+++ b/services/implementation/src/authentication_v2/auth_stages/auth_acl.cpp
@@ -18,6 +18,8 @@
 
 #include "auth_manager.h"
 #include "deviceprofile_connector.h"
+#include "dm_auth_attest_common.h"
+#include "dm_auth_cert.h"
 #include "dm_auth_context.h"
 #include "dm_auth_state.h"
 #include "dm_auth_state_machine.h"
@@ -31,14 +33,65 @@ namespace DistributedHardware {
 
 const int32_t USLEEP_TIME_US_500000 = 500000; // 500ms
 
+int32_t AuthSinkDataSyncState::VerifyCertificate(std::shared_ptr<DmAuthContext> context)
+{
+#ifdef DEVICE_MANAGER_COMMON_FLAG
+    (void)context;
+    LOGI("open source device do not verify cert!");
+    return DM_OK;
+#else
+    if (context == nullptr) {
+        LOGE("context_ is nullptr!");
+        return ERR_DM_POINT_NULL;
+    }
+    // Compatible with 5.1.0 and earlier
+    if (!CompareVersion(context->accesser.dmVersion, DM_VERSION_5_1_0)) {
+        LOGI("cert verify is not supported");
+        return DM_OK;
+    }
+    // Compatible common device
+    if (CompareVersion(context->accesser.dmVersion, DM_VERSION_5_1_0) &&
+        context->accesser.isCommonFlag == true) {
+        LOGI("src is common device.");
+        if (DeviceProfileConnector::GetInstance().
+            CheckIsSameAccountByUdidHash(context->accesser.deviceIdHash) == DM_OK) {
+            LOGE("src is common device, but the udidHash is identical in acl!");
+            return ERR_DM_VERIFY_CERT_FAILED;
+        }
+        return DM_OK;
+    }
+    DmCertChain dmCertChain{nullptr, 0};
+    if (!AuthAttestCommon::GetInstance().
+        DeserializeDmCertChain(context->accesser.cert, &dmCertChain)) {
+        LOGE("cert deserialize fail!");
+        return ERR_DM_DESERIAL_CERT_FAILED;
+    }
+    int32_t certRet = AuthCert::GetInstance().
+        VerifyCertificate(dmCertChain, context->accesser.deviceIdHash.c_str());
+    // free dmCertChain memory
+    AuthAttestCommon::GetInstance().FreeDmCertChain(dmCertChain);
+    if (certRet != DM_OK) {
+        LOGE("validate cert fail, certRet = %{public}d", certRet);
+        return ERR_DM_VERIFY_CERT_FAILED;
+    }
+    return DM_OK;
+#endif
+}
+
 // Received 180 synchronization message, send 190 message
 int32_t AuthSinkDataSyncState::Action(std::shared_ptr<DmAuthContext> context)
 {
     LOGI("AuthSinkDataSyncState::Action start");
+    // verify device cert
+    int32_t ret = VerifyCertificate(context);
+    if (ret != DM_OK) {
+        LOGE("AuthSinkNegotiateStateMachine::Action cert verify fail!");
+        context->reason = ret;
+        return ret;
+    }
     // Query the ACL of the sink end. Compare the ACLs at both ends.
     context->softbusConnector->SyncLocalAclListProcess({context->accessee.deviceId, context->accessee.userId},
         {context->accesser.deviceId, context->accesser.userId}, context->accesser.aclStrList);
-
     // Synchronize the local SP information, the format is uncertain, not done for now
     context->authMessageProcessor->CreateAndSendMsg(MSG_TYPE_RESP_DATA_SYNC, context);
     context->accessee.deviceName = context->softbusConnector->GetLocalDeviceName();
diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp
index a483b4ad8ea708ac6a9e695e46dfb89421af6dfc..363cb393f40f142ab1941233e917d723f723ab23 100644
--- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp
+++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp
@@ -16,6 +16,8 @@
 #include <iomanip>
 #include <iostream>
 #include <sstream>
+#include "dm_auth_attest_common.h"
+#include "dm_auth_cert.h"
 #include "dm_auth_context.h"
 #include "dm_auth_manager_base.h"
 #include "dm_auth_message_processor.h"
@@ -108,6 +110,29 @@ DmAuthStateType AuthSrcCredentialAuthDoneState::GetStateType()
     return DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE;
 }
 
+std::string AuthSrcCredentialAuthDoneState::GenerateCertificate(std::shared_ptr<DmAuthContext> context)
+{
+#ifdef DEVICE_MANAGER_COMMON_FLAG
+    if (context == nullptr) {
+        LOGE("context_ is nullptr!");
+        return "";
+    }
+    context->accesser.isCommonFlag = true;
+    LOGI("open device do not generate cert!");
+    return "";
+#else
+    DmCertChain dmCertChain;
+    int32_t certRet = AuthCert::GetInstance().GenerateCertificate(dmCertChain);
+    if (certRet != DM_OK) {
+        LOGE("generate cert fail, certRet = %{public}d", certRet);
+        return "";
+    }
+    std::string cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain);
+    AuthAttestCommon::GetInstance().FreeDmCertChain(dmCertChain);
+    return cert;
+#endif
+}
+
 int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr<DmAuthContext> context)
 {
     // decrypt and transmit transmitData
@@ -115,7 +140,6 @@ int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr<DmAuthContext> co
     if (ret != DM_OK) {
         return ret;
     }
-
     // Authentication completion triggers the Onfinish callback event.
     if (context->authStateMachine->WaitExpectEvent(ON_FINISH) != ON_FINISH) {
         LOGE("AuthSrcCredentialAuthDoneState::Action Hichain auth SINK transmit data failed");
@@ -128,7 +152,6 @@ int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr<DmAuthContext> co
         LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed");
         return ret;
     }
-
     // first time joinLnn, auth lnnCredential
     if (context->accesser.isGenerateLnnCredential == true && context->isAppCredentialVerified == false &&
         context->accesser.bindLevel != USER) {
@@ -141,7 +164,6 @@ int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr<DmAuthContext> co
             LOGE("AuthSrcCredentialAuthDoneState::Action Hichain auth credentail failed");
             return ret;
         }
-
         // wait for onTransmit event
         if (context->authStateMachine->WaitExpectEvent(ON_TRANSMIT) != ON_TRANSMIT) {
             LOGE("AuthSrcCredentialAuthDoneState::Action failed, ON_TRANSMIT event not arrived.");
@@ -150,9 +172,11 @@ int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr<DmAuthContext> co
         // First-time authentication and Lnn credential process
     } else if (context->accesser.isGenerateLnnCredential == true && context->accesser.bindLevel != USER) {
         SetAuthContext(skId, context->accesser.lnnSkTimeStamp, context->accesser.lnnSessionKeyId);
+        context->accesser.cert = GenerateCertificate(context);
         msgType = MSG_TYPE_REQ_DATA_SYNC;
     } else {  // Non-first-time authentication transport credential process
         SetAuthContext(skId, context->accesser.transmitSkTimeStamp, context->accesser.transmitSessionKeyId);
+        context->accesser.cert = GenerateCertificate(context);
         msgType = MSG_TYPE_REQ_DATA_SYNC;
     }
     std::string message =
@@ -161,7 +185,6 @@ int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr<DmAuthContext> co
         LOGE("AuthSrcCredentialAuthDoneState::Action CreateMessage failed");
         return ERR_DM_FAILED;
     }
-
     return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message);
 }
 
diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_negotiate.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_negotiate.cpp
index 2a4066dbf3fbfe2a0c4d75328b164d5be3786a1f..eae7d17263c2756a3842fbfde38b41dffdd5169c 100644
--- a/services/implementation/src/authentication_v2/auth_stages/auth_negotiate.cpp
+++ b/services/implementation/src/authentication_v2/auth_stages/auth_negotiate.cpp
@@ -24,8 +24,6 @@
 #include "app_manager.h"
 #include "business_event.h"
 #include "distributed_device_profile_client.h"
-#include "dm_auth_cert.h"
-#include "dm_auth_attest_common.h"
 #include "dm_crypto.h"
 #include "dm_log.h"
 #include "dm_timer.h"
diff --git a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp
index 03712b2b4d39b9df08bc4abfa064cf93082bf9ff..820a997d7c7a647e21883dbc05afbbf508accab5 100644
--- a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp
+++ b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp
@@ -836,7 +836,7 @@ int32_t DmAuthMessageProcessor::ParseSyncMessage(std::shared_ptr<DmAuthContext>
             context->confirmOperation = static_cast<UiAction>(userConfirmOpt);
         }
     }
-
+    ParseCert(jsonObject, context);
     return DM_OK;
 }
 
@@ -994,7 +994,6 @@ int32_t DmAuthMessageProcessor::ParseNegotiateMessage(
     }
     ParseAccesserInfo(jsonObject, context);
     ParseUltrasonicSide(jsonObject, context);
-    ParseCert(jsonObject, context);
     context->authStateMachine->TransitionTo(std::make_shared<AuthSinkNegotiateStateMachine>());
     return DM_OK;
 }
@@ -1430,7 +1429,8 @@ int32_t DmAuthMessageProcessor::EncryptSyncMessage(std::shared_ptr<DmAuthContext
         LOGI("Sink Send user confirm opt");
         syncMsgJson[TAG_USER_CONFIRM_OPT] = context->confirmOperation;
     }
-
+    syncMsgJson[TAG_IS_COMMON_FLAG] = context->accesser.isCommonFlag;
+    syncMsgJson[TAG_DM_CERT_CHAIN] = context->accesser.cert;
     std::string syncMsg = syncMsgJson.Dump();
     std::string compressMsg = CompressSyncMsg(syncMsg);
     if (compressMsg.empty()) {