The SecurityAccess service consists of a SecurityAccess ‘requestSeed’ message, eventually followed by a SecurityAccess ‘sendKey’ message. The SecurityAccess service must be carried out after the StartDiagnosticSession service.

[CPR_033] The tester shall use the SecurityAccess "requestSeed" message to check if the vehicle unit is ready to accept a PIN.

[CPR_034] If the vehicle unit is already in CALIBRATION mode, it shall answer the request by sending a ‘seed’ of 0x0000 using the service SecurityAccess Positive Response.

[CPR_035] If the vehicle unit is ready to accept a PIN for verification by a workshop card, it shall answer the request by sending a ‘seed’ greater than 0x0000 using the service SecurityAccess positive response.

[CPR_036] If the vehicle unit is not ready to accept a PIN from the tester, either because the workshop card inserted is not valid, or because no workshop card has been inserted, or because the vehicle unit expects the PIN from another method, it shall answer the request with a negative response with a response code set to conditionsNotCorrectOrRequestSequenceError.

[CPR_037] The tester shall then, eventually, use the SecurityAccess ‘sendKey’ message to forward a PIN to the Vehicle Unit. To allow time for the card authentication process to take place, the VU shall use the negative response code requestCorrectlyReceived-ResponsePending to extend the time to respond. However, the maximum time to respond shall not exceed five minutes. As soon as the requested service has been completed, the VU shall send a positive response message or negative response message with a response code different from this one. The negative response code requestCorrectlyReceived-ResponsePending may be repeated by the VU until the requested service is completed and the final response message is sent.

[CPR_038] The vehicle unit shall answer to this request using the service SecurityAccess Positive Response only when in CALIBRATION mode.

[CPR_039] In the following cases, the vehicle unit shall answer to this request with a Negative Response with a response code set to:

• subFunctionNot supported: invalid format for the subfunction parameter (accessType),

• conditionsNotCorrectOrRequestSequenceError: vehicle unit not ready to accept a PIN entry,

• invalidKey: PIN not valid and number of PIN checks attempts not exceeded,

• exceededNumberOfAttempts: PIN not valid and number of PIN checks attempts exceeded,

• generalReject: Correct PIN but mutual authentication with workshop card failed.

[CPR_040] The message formats for the SecurityAccess ‘requestSeed’ primitives are detailed in the following tables:

[CPR_041] The message formats for the SecurityAccess ‘sendKey’ primitives are detailed in the following tables: