diff --git a/session/container.go b/session/container.go
index 2e08943..9a245a4 100644
--- a/session/container.go
+++ b/session/container.go
@@ -8,6 +8,7 @@ import (
 	"github.com/nspcc-dev/neofs-api-go/v2/refs"
 	"github.com/nspcc-dev/neofs-api-go/v2/session"
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
+	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
 	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
@@ -199,3 +200,17 @@ func (x Container) AssertVerb(verb ContainerVerb) bool {
 func IssuedBy(cnr Container, id user.ID) bool {
 	return cnr.Issuer().Equals(id)
 }
+
+// VerifySessionDataSignature verifies signature of the session data. In practice,
+// the method is used to authenticate an operation with session data.
+func (x Container) VerifySessionDataSignature(data, signature []byte) bool {
+	var sigV2 refs.Signature
+	sigV2.SetKey(x.authKey)
+	sigV2.SetScheme(refs.ECDSA_RFC6979_SHA256)
+	sigV2.SetSign(signature)
+
+	var sig neofscrypto.Signature
+	sig.ReadFromV2(sigV2)
+
+	return sig.Verify(data)
+}
diff --git a/session/container_test.go b/session/container_test.go
index cb908cd..95e15f0 100644
--- a/session/container_test.go
+++ b/session/container_test.go
@@ -11,6 +11,7 @@ import (
 	"github.com/nspcc-dev/neofs-api-go/v2/refs"
 	v2session "github.com/nspcc-dev/neofs-api-go/v2/session"
 	cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
+	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
 	neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
 	sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test"
@@ -543,3 +544,25 @@ func TestContainer_Sign(t *testing.T) {
 
 	require.True(t, val.VerifySignature())
 }
+
+func TestContainer_VerifyDataSignature(t *testing.T) {
+	signer := randSigner()
+
+	var tok session.Container
+
+	data := make([]byte, 100)
+	rand.Read(data)
+
+	var sig neofscrypto.Signature
+	require.NoError(t, sig.Calculate(neofsecdsa.SignerRFC6979(signer), data))
+
+	var sigV2 refs.Signature
+	sig.WriteToV2(&sigV2)
+
+	require.False(t, tok.VerifySessionDataSignature(data, sigV2.GetSign()))
+
+	tok.SetAuthKey((*neofsecdsa.PublicKeyRFC6979)(&signer.PublicKey))
+	require.True(t, tok.VerifySessionDataSignature(data, sigV2.GetSign()))
+	require.False(t, tok.VerifySessionDataSignature(append(data, 1), sigV2.GetSign()))
+	require.False(t, tok.VerifySessionDataSignature(data, append(sigV2.GetSign(), 1)))
+}