I. Zs. Berta
Mitigating the attacks of malicious terminals
BME, 2005, http://www.crysys.hu/~isti/phd.
Abstract: Smart cards, having no user interface, are unable to communicate with the user directly. Communication is only possible with the aid of a terminal, which leads to several security problems. For example, if the terminal is untrusted (which is a very typical scenario), it may perform a man-in-the-middle attack. I have created a formal model for dealing with untrusted terminals, and developed mathematical proofs on the limitations of a user in an untrusted terminal environment. Unfortunately, these limitations are too severe, so the attacks of malicious terminals cannot be fully eliminated. Thus, I elaborated solutions to mitigate the problem: I have developed a protocol that takes advantage of the biometric abilities of the user and thus allows sending authentic messages from untrusted terminals. I have also developed a framework for the user to review signatures made in an untrusted environment, and to revoke unintended signatures.