Method for generation of the authorized electronic signature of the authorized person and the device to perform the method

Technical Field

The invention relates to the method for generation of the authorized electronic signature of the authorized person and it relates to the device to perform the method.

Background Art

The current state of the art does not describe methods implemented inside the token which force the check of the data being signed by the user who intends to sign it. However, there are situations where this check is essential, for instance in systems which are able to perform high-value electronic transactions. At present the security of personal computers and applications running on them cannot be warranted. Complex and extensive functions of personal computer software, such as the operating system, Internet access applications, other applications, etc., facilitate easy and hardly detectable running of applications which are not under the sole control of the personal computer's user and which can, in some cases, perform activities that may harm not only personal computer users but also other entities.

Disclosure of the invention

The afore-said disadvantages are removed by the method for generation of the authorized electronic signature of the authorized person and the device to perform the method according to the present invention. The present solution uses security features of tokens. The token is able to protect itself against external attacks. In addition, it enables secure performance of operations, both cryptographic and non- cryptographic ones. Thus it can provide active support for the functions associated with the check of electronically signed data, prior to its signing.

In the method for generation of the authorized electronic signature by the authorized person, the data which are to be electronically signed are entered into the control system. The essence of this method is that the data being signed are stored in the internal memory of the token, the holder of which is the authorized person, in its complete form and/or in the form of a cryptographic hash. Before the production of the electronic signature, an additional authorization code relating to the data being signed is generated and the authorized person is informed about the data being signed, along with the one-time authorization code, via a separate, independent information device which is not part of the control system so that the authorized person can check such data. Afterwards, the one-time authorization code together with other security elements are entered in the token, where they are used as an access condition to produce the electronic signature, i.e. the check is carried out in the token if the one-time authorization code, or other security elements, have been entered correctly. In the affirmative case, the token generates and provides to the control system an electronic signature value which is sent together with the data to the entity for which the electronic signature is being generated, particularly to the banking application or another independent and reliable entity. The advantages of this method include strengthening the principle of non-repudiation of electronic data - the authorized person, who is informed by a device independent of the control system about what is being signed, must approve the signature by entering an additional one-time authorization code, which is temporarily valid only for the data being signed. The independence of the information device of the control system makes the potential attack considerably difficult - the potential attacker is unable to find out the value of the one-time authorization code, which means they are unable to perform any operation of the electronic signature about which the authorized person has not been informed. The signing authorized person, i.e. the originator of the data, knows exactly what is being signed, and the recipient, i.e. the data consumer, has a defined level of certainty about the message originator's identity.

In the advantageous performance of the method, the one-time authorization code is produced in the token prior to electronic signature generation and it is disclosed to the authorized person along with the data being signed via a separate,

independent information device, which is advantageously a reading device, with the transfer of the one-time authorization code from the token to the control system being blocked. The advantage is that the whole operation is performed locally without additional requirements for communications infrastructure and also without the necessity to build other components of the central system. From the view of the party depending on the electronic signature, the logistics of the signed data procession is not changed, neither are the components, if implemented in the system, which are involved in preparing the data to be authorized by the electronic signature.

A further advantageous modification of the method according to the present invention is characterized in that the one-time authorization code is generated prior the production of the electronic signature by the entity for which the authorized electronic signature is being produced, or by a different, independent and reliable system. The entity, or this different independent and reliable system, which generates the one-time authorization code, writes the one-time authorization code along with the data to be signed in the token in a way preventing any unathorized entity from obtaining or modifying the one-time authorization code value or from modifying the data to be signed or their cryptographic hash. Thus the token shares a secret used for establishing this cryptographic channel with the entity or the separate independent reliable system which generates the one-time authorization code. In addition, the one-time authorization code is disclosed to the authorized person together with the data being signed through a separate, independent information device which is unaffectable by the control system, advantageously it is shown on the display of the device which is advantageously the authorized person's mobile phone.

The advantage is that using the current infrastructure and existing devices it is possible to build up a system for generation of the authorized electronic signature relatively quickly. The significant advantage is that the authorized person uses the device they know and they do not have to learn to operate a new device.

Advantageously, the security of the performance of the method can be

strengthened by generating the one-time authorization code within a temporary session, during which the token is able to sign data, which means that the code can be used to authorize the signature of the data which have been sent to the token during the session only, i.e. the validity of the one-time authorization code expires upon disconnecting the token from the power supply, resetting the token, initiating a new session for generation of electronic signature, etc.

The advantage is that the validity of the one-time authorization code can be terminated early and thus the generation of electronic signature can be aborted, if necessary.

The method is advantageously performed in such a way that the operation of generation of the electronic signature for specific data is blocked if the check in the token has revealed the exceeding number of permissible incorrect entries of the one-time authorization code or other security components.

The advantage is that the token itself can abort the generation of the electronic signature on suspicion of an attack when a potential atacker is trying to work out the value of the one-time authorization code or other security components.

In the device to perform the method according to the invention in an advantageous manner, the control system is connected to the entity for which the electronic signature is being generated, using the first communications infrastructure. In addition, the control system is two-way connected with a separate control-system independent information device, which is advantageously an independent reading device two-way connected with the token and which is modified for data transfer between the control system and the token and for the disclosure of selected transferred data to the authorized person, who is the token holder. This independent information device is modified to prevent the transfer of selected sensitive data from the token to the control system.

A further advantageous modification of the device for performance of the method is created in such a way that using the first communications infrastructure the

control system is connected to the entity for which the electronic signature is being generated, and this entity is connected both using the second communications infrastructure, independent of the first network communications infrastructure, with a separate information device to transfer the one-time authorization code and the data to be signed to the authorized person who is the token holder, and using the first communications infrastructure and via the control system it is connected to the token.

A further advantageous modification for performance of the method is created in such a way that using the first communications infrastructure the control system is connected to the entity for which the electronic signature is being generated and to an entity-independent and reliable system for generating and/or encrypting the one-time authorization code and advantageously employing additional security components for the data being signed for the token, and the independent and reliable system is connected using the second communications infrastructure, independent of the first network infrastructure, with an independent information device in order to transfer the one-time authorization code and data to be signed to the authorized person, who is the token holder.

Advantageously, the independent and reliable system for generating and/or encrypting the one-time authorization code and applying security components to the data being signed for the token can be either part of the entity for which the data to be signed are produced, or it can be an independent but reliable system which provides services to multiple independent entities for which electronic signatures of data are generated. The advantages include costs saving as the costs of establishment and operation of such system are shared by multiple entities.

The Internet network is advantageously used as as the first communications infrastructure.

GSM network can be advantageously used as the second communications infrastructure.

A personal computer is advantageously used as the control system by the device.

Features of the token are advantageously implemented in the smart card.

Functions of the token are advantageously implemented together in a traditional, smart card, or another similar traditional device and in the additional independent device. The advantage is that smart cards used up to now without the integrated support of forcing of additional authorization using the one-time code can be used for authorized electronic signature generation in the way presented in this invention. The missing functionalities of generation and verification of the one-time authorization code are implemented in the independent device which, together with the smart card, forms the token as it is described in this invention.

Brief description of drawings

The essence of the invention is apparent from the enclosed drawings.

Figures 1 and 2 of the drawings show the device and the separate steps of the method of the authorized generation of electronic signature using the modifications when the one-time authorization code (JAK code) is generated outside the token. The values of both the JAK code and the content of the data being signed are displayed using an independent channel, e.g. in the form of GSM network, the operator services and the mobile phone. The modification as illustrated in Figure 1 of the drawings shows the case when the entity for which the data are being signed, communicates with the signing person and the token, whereas the modification as illustrated in Figure 2 of the drawings shows the case when there is an additional reliable entity in the system, which is independent of the entity for which the data are being signed, and which provides reliable communication with the authorized person, i.e. the signing person, and the token.

Figure 3 of the drawings shows the device and steps of the method of the authorized generation of the electronic signature using the modification where the

JAK code is generated inside the token. The value of the JAK code and the content of the data being signed are displayed using a special reading device equipped with a display.

Figure 4 of the drawings shows the token created from the independent additional device and a traditional device for electronic signature generation, represented for example by a conventional smart card.

Modes for Carrying Out the Invention

An example of embodiment of the present invention is implementation of the system for secure placement of electronic payment orders via the web interface of the application using:

an ordinary personal computer as the control system D in order to communicate with the web application of a bank, or an entity A and via the Internet browser also other additional SW and HW performing the functions of authentication, particularly the placement and signing of the payment order.

a token G with the afore-mentioned features enabling the authorized generation of electronic signature,

advantageously

a separate information device F ₁ e.g. a mobile phone and GSM network, which serves for sending both the JAK code and the content of the transaction which is being signed to the authorized person E, e.g. the bank's client, see the flow chart in Figures 1 and 2,

a special reading device H monitoring and, if necessary, modifying communication between the personal computer and the token G, and being able to display important information, such as the JAK code value and the data which are being signed, in addition, it is able to prevent the transfer of the JAK code value from the

token G, or the smart card, to control system D, or the personal computer, see the flow chart in Figure 3.

The modification of the method performed by the device according to Figure 1 of the drawings is characterized in that the one-time authorization JAK code is generated externally, i.e. outside the token G, using the first communications infrastructure C, which is the Internet network, and using the second communications infrastructure B, which is GSM network, as an independent channel for the display of the data which are being signed and the associated onetime authorization JAK code.

In step 1, the authorized person E, in this case the client of the entity A, i.e. the bank, enters data of the electronic transaction which the bank is to perform using the form in the control system D, which is a personal computer in this case. These data are transferred using the first communications infrastructure C, which is the Internet network, to the environment of the entity A, i.e. the bank. In step 2 the entity A, i.e. the bank, generates a random value of the one-time authorization JAK code for the electronic transaction data. The JAK code value consists of four digits, for instance. Afterwards, the bank generates the hash of the data which are to be signed and sends it and its encrypted form to the token G. Encrypted storing of the data to the token G can include several steps: a) switching on the power supply of the token G _-1 b) selection of PKI application, c) a request to the token G to generate a block of data which will be used for establishment of the encrypted channel, d) in the bank's secure environment the data obtained in the previous step are used to generate an encryption key (minimum 3DES algorithm, preferably AES, the key exchange algorithm can be proprietary or one of the standardized methods can be used, such as Diffie-Hellman key agreement). e) a block of data for the token G is made using the generated encryption key, and the block of data includes: i. advantageously additional information, which will be used to derive the applied encryption key by the token G,

ii. advantageously encrypted information about the maximum number of re-tries to enter the JAK code by the authorized person E, typically 3 incorrect entries are allowed, iii. an encrypted value of the JAK code, iv. encrypted, or signed as minimum, hash value of the data being signed, advantageously electronic signature of all or selected parts of the block of data sent to the token G which will establish, by verifying the signature, whether the data have been generated by a reliable system, f) the block of data as described in the previous point is transferred to the token G where it is processed, i.e. an encryption key is generated and syntactic and cryptographic checks are carried out.

In the following step 3, the bank sends the value of the generated JAK code, together with all the details of the electronic transaction entered by the authorized person E in step 1_, e.g. type of transaction, target account, amount, variable symbol, etc. via the second communications infrastructure B, such as GSM networks, in an SMS message to the authorized person E's mobile phone. The authorized person E's mobile phone number is kept in the bank's internal database. At this point it is crucial that the communication with the GSM operator be sufficiently secured so that it cannot be abused by a potential attacker.

In the following step 6, the authorized person E, i.e. the bank's client and at the same time the holder of the independent information device F ₁ e.g. a mobile phone, and the token G, checks the particulars of the transaction, especially if they match the transaction parameters entered by the authorized person E in step one. At the same time the authorized person reads the JAK code value. If the particulars of the payment match the transaction parameters, the bank's client proceeds to the following step 7. If the bank's client does not intend to authorize the transaction with their signature, they will abort the whole process.

In the following step 7, by entering PIN code, the bank's client logs in to the token G and, by entering the JAK code, authorizes the transaction, i.e. confirms the transaction parameters. It is necessary to point out that the token G was pre-

initiated in step 2. The token G checks the PIN, if it has not been entered correctly, the token's firmware enables PIN re-entry until it is blocked. Similarly, the token G checks the JAK code - re-entry of the JAK code is allowed until the maximum number of re-entries of the incorrect JAK code value is reached, typically 3 tries. If any of the verification codes - PIN, JAK - has been blocked, or if the token G has been resetted or disconnected from the power supply, the operation is disabled. If all the access conditions have been verified correctly, the operation proceeds to step 8.

Since the token G has performed successfully all the checks of the access conditions, the electronic signature value of the data whose cryptographic hash was stored in the token G's memory in step 2 is computed in the token G. The value of the electronic signature is sent to the bank where it is processed further, using standard procedures.

The advantage of this modification is that to perform the function of authorized electronic code generation it uses two separate existing communications infrastructures, namely the first communications infrastructure C, which is the Internet network, for the communication between the entity A, i.e. the bank, on the one hand, and the authorized person E, the control system D, i.e. the personal computer, and the token G on the other hand. The first communications infrastructure C serves for the transfer of the data to be signed, the transfer of the JAK code relating to the specific transaction, and the transfer of the data signature itself. The second communications infrastructure B, which is the operator's GSM network, serves for sending information messages containing the externally generated one-time JAK code, which is transferred by the authorized person E to the token G, e.g. a smart card, where it is compared with the one-time JAK code stored in an encrypted form in the smart card before.

A further modification of the method is performed by the device according to Figure 2 of the drawings where the JAK code is generated externally again, using a GSM network as a separate channel for the display of both the data to be signed and the associated value of the JAK code, using a reliable, independent system |

for sending SMS messages and encrypted communication with token G.

In this case it is a modification of the previous case where steps 2 and 3 are performed not by the entity A, i.e. the bank, but by an independent, reliable entity L In step 1 the authorized person E ₁ i.e. the bank's client, uses the form on the control system D, i.e. the personal computer, to type the data of the electronic transaction which is to be performed by the bank. The data are sent via the communications infrastructure C, advantageously the Internet network, to the environment of the bank and the independent reliable system L

In step 2 the independent, reliable system i generates a random value of the JAK code for the electronic transaction data. The JAK code value may consist of four digits, for instance. The independent, reliable system i generates a cryptographic hash of the data which are to be signed and it ensures its encrypted storing in the token G.

Encrypted storing of the data to be signed to the token G can, in reality, consists of several substeps: a) switching on the power supply for the token G ₁ b) selection of PKI application, c) a request to the token G to generate a block of data which will be used to establish an encrypted channel, d) in the secure, independent and reliable system | the data obtained in the previous step are used to generate an encryption key (minimum 3DES algorithm, preferably AES, the key exchange algorithm can be proprietary, or one of the standardized methods can be used, such as Diffie-Hellman key agreement), e) a block of data for the token G is made using the generated encryption key, and the block of data includes: i. advantageously additional information, which the token G will use to derive the applied encryption key, ii. advantageously encrypted information about the maximum number of re-tries to enter the JAK code value by the user, typically 3 incorrect entries are allowed,

iii. an encrypted JAK code value, iv. an encrypted, or at least signed, hash value of the data being signed, v. advantageously, an electronic signature of all or selected parts of the block of data sent to the token G which verifies the signature to determine whether the data have been generated by a reliable system. f) the block of data, as described in the previous point, is tranferred to the token G, where it is processed, i.e. an encryption key is generated and syntactic and cryptographic checks are carried out.

In step 3 the independent, reliable system I sends the value of the generated JAK code, along with all the important details of the electronic transaction entered by the client in step 1 , e.g. type of transaction, target account, amount, variable symbol, etc., via the second communications infrastructure B, such as a GSM network, in an SMS message to the client's mobile phone number, with the client's mobile phone number being kept in the internal database of an independent, reliable system \. It is crucial that the communication using the GSM network be sufficiently secured, both physically and applicationally, so that it cannot be abused by a potential attacker.

In the following step 6, the authorized person E, i.e. the bank's client, at the same time the holder of the separate information device F, i.e. a mobile phone, and the token G checks the details of the transaction, particularly if they match the parameters of the transaction entered by them in step 1. At the same time they read the value of the JAK code. If the details of the payment match the transaction parameters, the authorized person E proceeds to step 7. If the authorized person E does not intend to authorize for example a banking transaction with the signature, they will abort the whole process.

In step 7, by entering PIN, the authorized person E logs in to the token G and, by entering the JAK code, confirms the parameters of the transaction of the token G, thus the transaction is authorized to be processed. The token G was pre-initiated in step 2. The token G checks the PIN, if it has not been entered correctly, the token G's firmware enables PIN re-entry until it is blocked. The token G checks

the JAK code similarly. Re-entries of the JAK code are allowed until the maximum number of incorrect JAK code value re-entries has been reached - typically 3 tries. If any of the verification codes, PIN or JAK, has been blocked, or if the token G has been resetted or disconnected from the power supply, the operation cannot be finished. If all the access conditions have been verified correctly, the operation proceeds to step 8.

Since the token G has checked successfully all the access conditions, the electronic signature value of the data, the cryptographic hash of which was written in the token's memory in step 2, can be computed in token G as part of step 8. The value of the electronic signature is sent to the bank where it is processed further, using standardized procedures.

The advantage of this modification is that to perform the function of authorized code generation it uses two independent and existing communications infrastructures. It is the afore-mentioned first communications infrastructure C, which is the Internet network, for communication between the entity A and the independent reliable system i, on the one hand, and the authorized person E, i.e. the bank's client, and the control system D and the token G, on the other hand. The first communications infrastructure C is used to transfer the data to be signed, the encrypted JAK code relating to the specific transaction and the data signature itself. Furthermore, this modification uses a different, independent communications infrastructure B, which is a GSM network, for sending information messages containing the externally generated one-time JAK code, which is transferred by the authorized person E to the token G, which can be for instance a smart card, where it is compared with the JAK code, which was written in an encrypted form in the smart card previously.

A further advantage of this modification is that the additional operations for encrypted communication with the token G and SMS notification of the authorized person E, i.e. token G's holder, is performed by the independent, reliable system |. The entity A, i.e. the bank, does not need to build up any additional encryption systems, and, one independent, reliable entity | can provide its services to multiple

banks, which leads to cost efficiency.

With the modification as illustrated in Figure 3 of the drawings, the JAK code is generated inside the token G, i.e. the smart card, and the special reading device H is used to display the data to be signed and the associated value of the JAK code by analysing and modifying the communication between the control system D and the token G.

In step 1 the authorized person E, i.e. the bank's client, uses the form in the control system D, which is for instance a personal computer, to enter the data of the electronic transaction which is to be performed by the bank. In the following step, marked by reference character 4 in Figure 3 of the drawings, the entered data are transferred via the independent information device, which is the special reading device H, to the token G's memory.

Storing of the data in the token G can consist of several substeps: a) switching on the power supply of token G, b) optional reading of the configuration data from the token G's memory - the configuration data can be used by the reading device to "learn" to monitor the communication between the personal computer and token G, c) optional authentication of the personal computer's software for the token G - the token G knows that a reliable application is communicating with it, d) optional authentication of the reading device's software for the token G. The authentication can be two-sided, i.e. both the token G and the special reading device JH trust each other, and the result can be the generation of the common encryption key for the session, i.e. the token G and the independent information device, i.e. the special reading device H, can communicate with each other in an encrypted form. e) setting up of a cryptographic operation and storing of the data to be signed in the token G. At this point the data to be signed are monitored by the special reading device H, they are hashed by the token G, correct receiving of the data to be signed is indicated by the token G and subsequently the special reading device H can serve for its transfer to the authorized person E, i.e. the token G's holder.

In the following step 5, after the acceptance of the complete data to be signed by the token G, a random JAK code is generated for this data in the token G, which may consist for example of four digits, and a maximum number of permissible incorrect entries is set up, e.g. to value 3. The JAK code value is sent to the special reading device H by the token G, the communication can be encrypted, as mentioned in step 4. The reading device H ensures that the JAK code value does not get to the control system D, which is a personal computer. The JAK code value is disclosed to the authorized person E, i.e. the token G's holder. Along with the value of the JAK code, the data to be signed transferred in step 4 are also disclosed to the token G's holder by the reading device H, see step 6.

The authorized person E, i.e. the token G's holder, has now the data to be signed, which were sent to be signed to the token G, and the one-time JAK code, by entering of which the authorized person E can confirm the data have been checked. If the data to be signed correspond with the signing person's intention, the operation proceeds to step 7. Otherwise, the user can stop the operation using the personal computer or simply by taking the card out of the reading device.

If the data to be signed are correct, in step 7 the authorized person E, i.e. the bank's client, using the personal computer, enters the authentication data necessary to generate the electronic signature. The authentication data compulsorily include the JAK code value, and advantageously PIN. The token G checks the PIN, if it has not been entered correctly, the token G's firmware enables a repeated PIN entry until it is blocked. The token G checks the JAK code similarly - until the maximum number of re-entries of an incorrect JAK code value has been reached - typically 3 tries - re-entries of the JAK code are allowed. If any of the verification codes, PIN or JAK, has been blocked, or if the token G has been resetted or disconnected from the power supply, the operation cannot be finished. If all the access conditions have been verified correctly, the operation proceeds to step 8.

Since the token G has checked successfully all the access conditions, the electronic signature value of the data, which were written in the token's memory in

step 4, can be computed in token G as part of step 8. The value of the electronic signature is sent to the bank where it is processed further, using standardized procedures. The personal computer ensures sending the electronic signature value, and sending the data being signed as well.

The advantage of this modification is that to perform the one-time authorization JAK code generation it uses the special reading device H, thanks to which it is possible to generate the one-time authorization JAK code directly in the token G. The special reading device JH ensures that the JAK code, along with the data to be signed or with a substantial part of them, are disclosed directly to the authorized person E, i.e. the token G's holder, practically immediately after the data to be signed have been sent along with the request to generate the electronic signature from the personal computer to the token G, with the possibility to transfer the authorization JAK code from the token G to the personal computer's environment being blocked. Thus it is not necessary to use an external communication channel, the operation of which could increase the costs of transaction.

All the afore-mentioned examples of embodiments can contain additional, auxiliary elements to increase security and ergonomics. The elements are additional mechanisms inside the token G which make it possible to distinguish types of performance of the electronic signature operations. These operations can be divided as follows:

1) operations of electronic signature for authentication purposes

2) operations of ordinary electronic signature

3) operations of authorized electronic signature, using the JAK code as described in the present invention

Each type of the electronic signature can use its own group of signature schemes. These are defined by a set of parameters - e.g. the applied type (or algorithm) of one-way compression function (hash), the applied typ (or algorithm) of adding data in the electronic signature (so called padding), the applied type (or algorithm) for electronic signature generation, etc. Alternatively, the operation of authorized

electronic signature generation, using the JAK code value as it is described in this invention, can be indicated by a specified mark placed, for example, at the beginning of the data being signed.

Consequently, the internal program code of the token G is able to assign different access conditions to the operations of electronic signature generation based upon signature schemes. The recipient of the signed data can advantageously use the knowledge of the method of the authorization to modify the level of trust in the signed message for generation of a particular type of signature scheme.

The modification according to Figure 3 of the drawings can be advantageously performed even using traditional smart cards with implemented mechanisms for electronic signature generation, however without the support of functions of the authorized electronic signature generation using the JAK code as it is described in this invention. The method of implementation of the solution with such smart card, or another similar traditional device K for electronic signature generation, can be that the additional functions relating to the JAK code value generation and verification are performed by the additional, independent device J, which together with the traditional device K, i.e. smart card, forms one whole - the token G, as it is indicated in Figure 4 of the drawings. In this modification, advantageous from the point of view of using current tools for electronic signature generation, the onetime authorization JAK code is generated within the additional, independent device J in step 5 in the way described in the modification according to Figure 3 of the drawings. Step 7, as it is described for Figure 3 of the drawings, is performed in sub-steps inside the composite token G as follows: a) in sub-step 7.1 user verification codes are sent to the traditional device K in order to generate the electronic signature, where they are checked. This step can be repeated with various values until the verification codes are blocked. If the traditional device K for electronic signature generation verifies the validity of these codes, it will transfer the electronic signature value to the additional, independent device J in substep 7.2. b) In sub-step 7.3 the additional, independent device J will keep the electronic signature value obtained from the traditional device K in sub-step 7.2 until the one-

time authorization JAK code value, which was generated in step 5, is successfully checked. The additional, independent device J typically enables 3 attempts to verify the one-time authorization JAK code value. If the maximum permissible number of re-tries is exceeded, the return of the electronic signature value is blocked. c) If the one-time authorization JAK code value has been entered correctly and has been verified in sub-step 7.3, the additional, independent device J enables the transfer of the electronic signature value into an external environment, which is indicated in the Figure as sub-step 7.4, which, in fact, corresponds with Step 8 of the modification according to Figure 3 of the drawings.

Industrial applicability

The method for authorized generation of electronic signature of data according to the present invention is an industrially applicable solution which can be used especially in applications requiring a strong principle of non-repudiation. These application include above all electronic banking applications which perform financial transactions directly, which makes them very interesting for potential attackers. The invention enables the authorized person E, i.e. the bank's client, to check what operation is being performed, and the entity A, i.e. the bank, has a higher degree of trust in transactions signed in such way.

Similarly, the system can be applied, for example, in electronic communication between a citizen and the state administration, or in other electronic signature- based systems.