In many applications cryptographic calculations are performed on secrets which are particularly in need of protection, e.g. keys or proprietary algorithms. Some examples are payments by “electronic cash”, the transmission of data over the internet, and mobile telephony. To avoid economic damage due to the misuse of secret data by unauthorized third parties and to protect consumer privacy, data of all kinds are encrypted at the sender's end using a variety of cryptographic methods and are decrypted at the point where the data are received. Third parties need the key, normally known only to the sender and the receiver, in order to be able to decrypt the data and exploit the information contained therein. Many methods and algorithms exist for obtaining these keys, and these are under constant development by the community concerned. To safeguard against such “attacks” the encryption methods are also being developed continuously, particularly in the direction of ensuring that the theoretically feasible obtaining of the key requires such a large number of cryptographic calculations that, with the available computer power, this is possible only over very long periods of time. A disadvantage is that the cryptographic calculations for encryption and legal decryption require an ever greater computing effort.
As an alternative, one possibility is to restrict the number of “attempts”, e.g. when entering the PIN or an EC card or mobile telephone. However, this only makes sense in cases such as these in which only the legal owner can insert the PIN prior to loss, so that exclusion as a result of PIN entry attempts by a third party does not inflict any damage on the legal owner.