With　the　trend　of　multi-domain　coexistence　and　multi-cloud　convergence　in　cloud　computing,　the　security　of　massive　device　access　is　facing　severe　challenges.　The　essential　security　requirement　for　connection　between　terminal　devices　and　cloud　servers　is　authentication　and　the　establishment　of　the　session　key.　It　is　incredibly　challenging　to　design　a　two-party　mutual　authentication　and　agreement　protocol.　In　this　paper,　we　propose　a　lightweight　certificateless　authentication　and　key　agreement　protocol,　which　combines　elliptic　curve　cryptography　and　trusted　computing　to　achieve　mutual　authentication　between　internet　of　things　devices　and　cloud　servers.　We　analyze　the　potential　attacks　in　the　protocol　and　confirm　the　accuracy　and　security　of　the　protocol　using　formal　analysis　methods.　Finally,　we　compare　the　protocol　against　different　protocols　in　terms　of　computation　and　communication　overhead　and　demonstrate　that　our　protocol　is　better　and　more　effective.　©　2023　IEEE.