Applet has two-tiered architecture, one module runs at client, the applet itself, and the other works at the server.

First, the user browses to the home page of the server. The applet is run in the web browser and sessions to the connected terminals are opened. Then the certificates in the smartcards are listed which does not require PIN. The names to be listed are the names taking place in the CN attributes of the subject fields of the certificates.

After that, the certificate list is displayed in an HTML form and the user selects his own certificate and enters the system by providing the PIN. Then the applet is run again and the smartcard containing the selected certificate is used for signing. The signed data is actually the session number coming from the server. Finally the signature is encoded to Base64 and placed in the HTML form to be post to the server.

At the server, the signature is tried to be verified. If the verification is successful, a session is opened and the user information saved in the session object. An error message is returned to the client if the verification fails.

During the session is open, the user can make signature creation without reentering the PIN, which can happen unless the page is refreshed.