Transaction signing

Transaction signing (or digital transaction signing) is the process of calculating a keyed hash function to generate a unique string which can be used to verify both the authenticity and integrity of an online transaction. A keyed hash is a function of the user's private or secret key and the transaction details, such as the transfer to account number and the transfer amount. To provide a high level of assurance of the authenticity and integrity of the hash it is essential to calculate the hash on a trusted device, such as a separate smart card reader. Calculating a hash on an Internet-connected PC or mobile device such as a mobile telephone/PDA would be counter-productive as malware and attackers can attack these platforms and potentially subvert the signing process itself.