If it is generally provided to use a product which handles and/or includes sensitive and/or protection-worthy data in a non-secure environment, the sensitive data in the product must be protected against misuse.
In terms of the circuitry, the circuit must be designed or laid out in such a way that it has no error sources which a hacker may be able to use to access the sensitive information. At least two approaches are known for achieving this.
According to a first approach, a special circuit may be used which has a highly compact design and is engineered only for a specific purpose. The compact design, which is inexpensive to manufacture and may be easily kept free of errors, is suitable for this application. However, the occurrence of errors results in substantial additional costs, since a complete redesign is required. However, special circuits of this type remain state of the art at the time of their production. Since upgrades ordinarily exist, special circuits of this type usually have only a short service life; phone cards thus have an expiration date. Although the balance is not lost once the expiration date is reached, it must be transferred to a new phone card. Such an approach is therefore not suitable for long-lived products, such as for a control unit in a vehicle.
Furthermore, according to a second approach, so-called generic circuits are used which have a programmable microcontroller (μC) including a coprocessor, which is designed for processing sensitive data. In this case, errors are comparatively easy to remedy, since only the software has to be changed. Algorithms may also be changed by replacing software. To modify or check the software, however, it is necessary to access the circuit or a corresponding system. This access may be provided via a debug interface and thus via an interface for diagnosing errors.
However, the debug interface represents an additional source of errors and must itself be protected separately. The aforementioned generic circuit is also expensive, due to its complexity.