Sometimes, Apps may want to validate an account by asking it to sign a predefined text string (challenge) with one of its keys.

It can be useful for a front-end/back-end solution. The APP front-end ask the PKSA to sign a message with the account's key, then send it to its back-end with requests related to the account. The back-end can then validate the signed challenge against the account public key.