Textual Amendments
Writing of calibration data or access to the calibration input/output line is not possible unless the VU is in CALIBRATION mode. In addition to insertion of a valid workshop card into the VU, it is necessary to enter the appropriate PIN into the VU before access to the CALIBRATION mode is granted.
The SecurityAccess service provides a means to enter the PIN and to indicate to the tester whether or not the VU is in CALIBRATION mode.
It is acceptable that the PIN may be entered through alternative methods.
The SecurityAccess service consists of a SecurityAccess ‘ requestSeed ’ message, eventually followed by a SecurityAccess ‘ sendKey ’ message. The SecurityAccess service must be carried out after the StartDiagnosticSession service.
[CPR_033] The tester shall use the SecurityAccess "requestSeed" message to check if the vehicle unit is ready to accept a PIN.
[CPR_034] If the vehicle unit is already in CALIBRATION mode, it shall answer the request by sending a ‘ seed ’ of 0x0000 using the service SecurityAccess Positive Response.
[CPR_035] If the vehicle unit is ready to accept a PIN for verification by a workshop card, it shall answer the request by sending a ‘ seed ’ greater than 0x0000 using the service SecurityAccess positive response.
[CPR_036] If the vehicle unit is not ready to accept a PIN from the tester, either because the workshop card inserted is not valid, or because no workshop card has been inserted, or because the vehicle unit expects the PIN from another method, it shall answer the request with a negative response with a response code set to conditionsNotCorrectOrRequestSequenceError.
[CPR_037] The tester shall then, eventually, use the SecurityAccess ‘ sendKey ’ message to forward a PIN to the Vehicle Unit. To allow time for the card authentication process to take place, the VU shall use the negative response code requestCorrectlyReceived-ResponsePending to extend the time to respond. However, the maximum time to respond shall not exceed five minutes. As soon as the requested service has been completed, the VU shall send a positive response message or negative response message with a response code different from this one. The negative response code requestCorrectlyReceived-ResponsePending may be repeated by the VU until the requested service is completed and the final response message is sent.
[CPR_038] The vehicle unit shall answer to this request using the service SecurityAccess Positive Response only when in CALIBRATION mode.
[CPR_039] In the following cases, the vehicle unit shall answer to this request with a Negative Response with a response code set to:
subFunctionNot supported: invalid format for the subfunction parameter (accessType),
conditionsNotCorrectOrRequestSequenceError: vehicle unit not ready to accept a PIN entry,
invalidKey: PIN not valid and number of PIN checks attempts not exceeded,
exceededNumberOfAttempts: PIN not valid and number of PIN checks attempts exceeded,
generalReject: Correct PIN but mutual authentication with workshop card failed.
[CPR_040] The message formats for the SecurityAccess ‘ requestSeed ’ primitives are detailed in the following tables:
SecurityAccess request — requestSeed message
Byte # | Parameter Name | Hex value | Mnemonic |
---|---|---|---|
#1 | Format byte — physical addressing | 80 | FMT |
#2 | Target address byte | EE | TGT |
#3 | Source address byte | tt | SRC |
#4 | Additional length byte | 02 | LEN |
#5 | SecurityAccess request service Id | 27 | SA |
#6 | accessType — requestSeed | 7D | AT_RSD |
#7 | Checksum | 00-FF | CS |
SecurityAccess — requestSeed positive response message
Byte # | Parameter Name | Hex value | Mnemonic |
---|---|---|---|
#1 | Format byte — physical addressing | 80 | FMT |
#2 | Target address byte | tt | TGT |
#3 | Source address byte | EE | SRC |
#4 | Additional length byte | 04 | LEN |
#5 | SecurityAccess positive response service Id | 67 | SAPR |
#6 | accessType — requestSeed | 7D | AT_RSD |
#7 | Seed High | 00-FF | SEEDH |
#8 | Seed Low | 00-FF | SEEDL |
#9 | Checksum | 00-FF | CS |
SecurityAccess negative response message
Byte # | Parameter Name | Hex value | Mnemonic |
---|---|---|---|
#1 | Format byte — physical addressing | 80 | FMT |
#2 | Target address byte | tt | TGT |
#3 | Source address byte | EE | SRC |
#4 | Additional length byte | 03 | LEN |
#5 | negativeResponse Service Id | 7F | NR |
#6 | SecurityAccess request service Id | 27 | SA |
#7 | responseCode = (conditionsNotCorrectOrRequestSequenceError incorrectMessageLength) | 22 13 | RC_CNC RC_IML |
#8 | Checksum | 00-FF | CS |
[CPR_041] The message formats for the SecurityAccess ‘ sendKey ’ primitives are detailed in the following tables:
SecurityAccess request — sendKey message
Byte # | Parameter Name | Hex value | Mnemonic |
---|---|---|---|
#1 | Format byte — physical addressing | 80 | FMT |
#2 | Target address byte | EE | TGT |
#3 | Source address byte | tt | SRC |
#4 | Additional length byte | m+2 | LEN |
#5 | SecurityAccess Request Service Id | 27 | SA |
#6 | accessType — sendKey | 7E | AT_SK |
#7 to #m+6 | Key #1 (High) | xx | KEY |
… | … | ||
Key #m (low, m must be a minimum of 4, and a maximum of 8) | xx | ||
#m+7 | Checksum | 00-FF | CS |
SecurityAccess — sendKey positive response message
Byte # | Parameter Name | Hex value | Mnemonic |
---|---|---|---|
#1 | Format byte — physical addressing | 80 | FMT |
#2 | Target address byte | tt | TGT |
#3 | Source address byte | EE | SRC |
#4 | Additional length byte | 02 | LEN |
#5 | SecurityAccess positive response service Id | 67 | SAPR |
#6 | accessType — sendKey | 7E | AT_SK |
#7 | Checksum | 00-FF | CS |
SecurityAccess negative response message
Byte # | Parameter Name | Hex value | Mnemonic |
---|---|---|---|
#1 | Format byte — physical addressing | 80 | FMT |
#2 | Target address byte | tt | TGT |
#3 | Source address byte | EE | SRC |
#4 | Additional length byte | 03 | LEN |
#5 | NegativeResponse Service Id | 7F | NR |
#6 | SecurityAccess request service Id | 27 | SA |
#7 | ResponseCode = (generalReject subFunctionNotSupported | 10 12 | RC_GR RC_SFNS |
incorrectMessageLength | 13 | RC_IML | |
conditionsNotCorrectOrRequestSequenceError | 22 | RC_CNC | |
invalidKey | 35 | RC_IK | |
exceededNumberOfAttempts | 36 | RC_ENA | |
requestCorrectlyReceived-ResponsePending) | 78 | RC_RCR_RP | |
#8 | Checksum | 00-FF | CS] ] |