Automotive Diagnostics — Security Access

Consider security access as a means of granting or rejecting access that would need elevated permissions for critical functionalities. Generally, these critical functionalities would require to be in an extended state and then have security access granted. Some of these functionalities are downloading/uploading new data from or to the server/ECU, read specific memory locations in the server, etc.

The security access follows a seed key relationship. Typical working model of security access

• Client/Tester requests the seed from the server/ECU
• Server/ECU responds

Server/ECU responds to the client by sending the seed

Server/ECU internally calculates the key for the seed

• The client receives the seed, generates the key, and sends the key to the server/ECU
• Server/ECU verifies the internally generated key and client-generated key and grants or denies access.

Important points about security access

• The request seed sub-function can be chosen by the designer but should always be an odd number
• The client sending the key to the server will always have a subfunction of Request seed subfunction + 1