US-12627496-B2 - Secure access to vehicle electronic control unit (ECU)
Abstract
A method of supporting secure access to an electronic control unit (ECU) of a vehicle may comprise receiving, from a diagnostic tool connected to the vehicle, encrypted data including an ECU address corresponding to the ECU, vehicle identification information of the vehicle, and a security seed, decrypting the encrypted data, retrieving, from a database, an initialization vector based on the ECU address and the vehicle identification information, calculating a security key based on the initialization vector and the security seed using an application programming interface (API) associated with an original equipment manufacturer (OEM) of the ECU, encrypting the security key, and sending the encrypted security key to the diagnostic tool to be decrypted and used by the diagnostic tool to gain secure access to the ECU.
Inventors
- Phuong Pham
- Keith Andreasen
- Ly Bach
- Khanh Le
- Hoang Nguyen
Assignees
- INNOVA ELECTRONICS CORPORATION
Dates
- Publication Date: 2026-05-12
- Application Date: 2024-06-13
Claims (18)
- 1. A method of supporting secure access to an electronic control unit (ECU) of a vehicle, the method comprising: receiving, from a diagnostic tool connected to the vehicle, encrypted data including an ECU address corresponding to the ECU, vehicle identification information of the vehicle, and a security seed; decrypting the encrypted data; retrieving, from a database, an initialization vector based on the ECU address and the vehicle identification information; calculating a security key based on the initialization vector and the security seed using an application programming interface (API) associated with an original equipment manufacturer (OEM) of the ECU; encrypting the security key; and sending the encrypted security key to the diagnostic tool to be decrypted and used by the diagnostic tool to gain secure access to the ECU; wherein the encrypted data further includes a global unique identification number (GUID) of the diagnostic tool, the method further comprising validating the GUID prior to retrieving the initialization vector from the database.
- 2. The method of claim 1, wherein said retrieving the initialization vector from the database includes finding a match in the database corresponding to the ECU address and the vehicle identification information.
- 3. The method of claim 2, wherein the vehicle identification information includes a year, make, and model of the vehicle.
- 4. The method of claim 1, wherein said calculating is further based on an encrypted fixed byte associated with the initialization vector.
- 5. The method of claim 4, wherein the method further comprises, prior to said calculating, decrypting the encrypted fixed byte using the initialization vector and a secret key.
- 6. The method of claim 1, wherein said decrypting, said retrieving, said calculating, said encrypting, and said sending proceed autonomously in response to said receiving.
- 7. A computer program product comprising one or more non-transitory program storage media on which are stored instructions executable by one or more processors or programmable circuits to perform operations for supporting secure access to an electronic control unit (ECU) of a vehicle, the operations comprising: receiving, from a diagnostic tool connected to the vehicle, encrypted data including an ECU address corresponding to the ECU, vehicle identification information of the vehicle, and a security seed; decrypting the encrypted data; retrieving, from a database, an initialization vector based on the ECU address and the vehicle identification information; calculating a security key based on the initialization vector and the security seed using an application programming interface (API) associated with an original equipment manufacturer (OEM) of the ECU; encrypting the security key; and sending the encrypted security key to the diagnostic tool to be decrypted and used by the diagnostic tool to gain secure access to the ECU; wherein the encrypted data further includes a global unique identification number (GUID) of the diagnostic tool, the operations further comprising validating the GUID prior to retrieving the initialization vector from the database.
- 8. The computer program product of claim 7, wherein said retrieving the initialization vector from the database includes finding a match in the database corresponding to the ECU address and the vehicle identification information.
- 9. The computer program product of claim 8, wherein the vehicle identification information includes a year, make, and model of the vehicle.
- 10. The computer program product of claim 7, wherein said calculating is further based on an encrypted fixed byte associated with the initialization vector.
- 11. The computer program product of claim 10, wherein the operations further comprise, prior to said calculating, decrypting the encrypted fixed byte using the initialization vector and a secret key.
- 12. A system for supporting secure access to an electronic control unit (ECU) of a vehicle, the system comprising: a diagnostic tool operable to connect to the vehicle and to retrieve, from the vehicle, an ECU address corresponding to the ECU, vehicle identification information of the vehicle, and a security seed, the diagnostic tool further being operable to encrypt data including the ECU address, the vehicle identification information, and the security seed; and one or more servers operable to receive the encrypted data from the diagnostic tool, to decrypt the encrypted data, and to retrieve, from a database, an initialization vector based on the ECU address and the vehicle identification information, the one or more servers further being operable to calculate a security key based on the initialization vector and the security seed using an application programming interface (API) associated with an original equipment manufacturer (OEM) of the ECU, to encrypt the security key, and to send the encrypted security key to the diagnostic tool to be decrypted and used by the diagnostic tool to gain secure access to the ECU; wherein the encrypted data further includes a global unique identification number (GUID) of the diagnostic tool, the one or more servers further being operable to validate the GUID prior to retrieving the initialization vector from the database.
- 13. The system of claim 12, wherein the diagnostic tool is operable to encrypt the data including the ECU address, the vehicle identification information, the security seed, and the GUID and send the encrypted data to the one or more servers autonomously in response to retrieving the ECU address, the vehicle identification information, and the security seed from the vehicle.
- 14. The system of claim 12, wherein the retrieving of the initialization vector by the one or more servers includes finding a match in the database corresponding to the ECU address and the vehicle identification information.
- 15. The system of claim 14, wherein the vehicle identification information includes a year, make, and model of the vehicle.
- 16. The system of claim 12, wherein the calculating of the security key by the one or more servers is further based on an encrypted fixed byte associated with the initialization vector.
- 17. The system of claim 16, wherein the one or more servers is further operable to decrypt the encrypted fixed byte using the initialization vector and a secret key prior to calculating the security key.
- 18. The system of claim 12, wherein the diagnostic tool is operable to connect to the vehicle via a data port of the vehicle.
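The server side of the exchange in claims 1 and 12, as an added Go sketch that is not part of the patent or of Innova's own code. It assumes an AES-256-GCM transport key shared by tool and server, an enrolled-GUID list, and an IV table keyed by ECU address plus year, make and model; the OEM key-calculation API is not specified by the patent, so oemKeyAPI is a hypothetical HMAC placeholder and all data values are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)
// Request is the tool's message of claims 1 and 12: its GUID plus what it read from the vehicle.
type Request struct {
	GUID, Make, Model string
	ECU, Year         int    // ECU address and model year
	Seed              []byte // security seed issued by the ECU
}
var transportKey = sha256.Sum256([]byte("constructed transport key")) // constructed, shared by both sides
var enrolled = map[string]bool{"TOOL-0001": true}                    // constructed enrolled-tool list
var ivDB = map[string][]byte{"07E0|2021|Example|Sedan": []byte("constructed-IV-16")} // constructed IV table
// gcm builds AES-256-GCM (cannot fail for a 32-byte key); Seal prepends the nonce, Open reverses it.
func gcm() cipher.AEAD { b, _ := aes.NewCipher(transportKey[:]); g, _ := cipher.NewGCM(b); return g }
func Seal(nonce, plain []byte) []byte { return gcm().Seal(append([]byte{}, nonce...), nonce, plain, nil) }
func Open(msg []byte) ([]byte, error) {
	if g := gcm(); len(msg) >= g.NonceSize() {
		return g.Open(nil, msg[:g.NonceSize()], msg[g.NonceSize():], nil)
	}
	return nil, errors.New("message shorter than a nonce")
}
// oemKeyAPI is a hypothetical placeholder for the OEM's unspecified key-calculation API.
func oemKeyAPI(iv, seed []byte) []byte { m := hmac.New(sha256.New, iv); m.Write(seed); return m.Sum(nil)[:4] }
// HandleRequest is the server side of claim 1: decrypt, validate GUID, look up IV, derive, encrypt.
func HandleRequest(encrypted, replyNonce []byte) ([]byte, error) {
	var req Request
	plain, err := Open(encrypted)
	if err == nil {
		err = json.Unmarshal(plain, &req)
	}
	if err != nil {
		return nil, fmt.Errorf("reject request: %w", err)
	}
	if !enrolled[req.GUID] { // claim 1: the GUID is validated before any database lookup
		return nil, errors.New("unknown diagnostic tool GUID")
	}
	iv, ok := ivDB[fmt.Sprintf("%04X|%d|%s|%s", req.ECU, req.Year, req.Make, req.Model)]
	if !ok {
		return nil, errors.New("no initialization vector for this ECU and vehicle")
	}
	return Seal(replyNonce, oemKeyAPI(iv, req.Seed)), nil
}
```

The encrypted fixed byte of claims 4 and 5 is left out; it would be decrypted with the IV and a server-side secret key and passed to the OEM API alongside the seed.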
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
Not Applicable
STATEMENT RE: FEDERALLY SPONSORED RESEARCH/DEVELOPMENT
Not Applicable
BACKGROUND
Due to safety and security concerns, vehicle manufacturers typically limit access to a vehicle's electronic control unit(s) (ECU) and other onboard computer systems. For instance, a third-party scan tool or other diagnostic tool may be able to connect to the vehicle (e.g., via a data port) in order to download diagnostic trouble codes (DTC) from the ECU but may be unable to send commands to the ECU as may be required for more advanced diagnostics. The original equipment manufacturer (OEM) may prefer to limit such functionality to known, identified users in order to implement two-factor authentication. In the case of a non-dealer user attempting to access an engine immobilizer or reprogram a key, for example, a first authentication factor may be the OEM's scan tool requiring the user to have an authentic account or license to be able to use the needed software/program, and a second authentication factor may be the user providing a Vehicle Security Professional (VSP) authentication code in order to prove that he/she is a certified technician as managed by the National Automotive Service Task Force (NASTF) as part of its Secure Data Release Model (SDRM). In order for the OEM's scan tool to authenticate the user (as in the above example of a first authentication factor), the manufacturer may install needed data and/or algorithms for authorizing access to the ECU directly to an integrated microprocessor inside the scan tool, effectively requiring the advanced user to connect to the vehicle using the vehicle manufacturer's own diagnostic tool. See, e.g., U.S. Pat. No. 9,280,653, entitled “Security Access Method for Automotive Electronic Control Units,” owned by GM Global Technology Operations LLC.
Unfortunately, except in exceptional circumstances such as accessing an engine immobilizer or reprogramming a key that may require NASTF certification, such manufacturer-installed algorithms do not support two-factor authentication. In addition, the technical limitation of pre-installing the necessary data/algorithms in the scan tool puts a burden on the automotive service industry, as a mechanic may be required to own and maintain many different diagnostic tools corresponding to each type of vehicle. Moreover, since aftermarket diagnostic tools including the most advanced features may have no way of accessing the necessary functionality of the ECU, the customers of the vehicle manufacturers are often unable to take advantage of the latest advances in vehicle diagnostics. While contractual agreements and other business solutions to this problem may to some degree allow vehicle manufacturers to incorporate third-party diagnostics in their proprietary scan tools, what is needed is a technical solution to the underlying security concern of authenticating a third-party diagnostic tool.
BRIEF SUMMARY
One aspect of the embodiments of the present disclosure is a method of supporting secure access to an electronic control unit (ECU) of a vehicle.
The method may comprise receiving, from a diagnostic tool connected to the vehicle, encrypted data including an ECU address corresponding to the ECU, vehicle identification information of the vehicle, and a security seed, decrypting the encrypted data, retrieving, from a database, an initialization vector based on the ECU address and the vehicle identification information, calculating a security key based on the initialization vector and the security seed using an application programming interface (API) associated with an original equipment manufacturer (OEM) of the ECU, encrypting the security key, and sending the encrypted security key to the diagnostic tool to be decrypted and used by the diagnostic tool to gain secure access to the ECU. The encrypted data may further include a global unique identification number (GUID) of the diagnostic tool. The method may comprise validating the GUID prior to retrieving the initialization vector from the database. The retrieving of the initialization vector from the database may include finding a match in the database corresponding to the ECU address and the vehicle identification information. The vehicle identification information may include a year, make, and model of the vehicle. The calculating of the security key may be further based on an encrypted fixed byte associated with the initialization vector. The method may comprise, prior to the calculating of the security key, decrypting the encrypted fixed byte using the initialization vector and a secret key. The decrypting, the retrieving, the calculating, the encrypting, and the sending may proceed autonomously in response to the receiving of the encrypted data from the diagnostic tool. Another aspect of the embodiments of the present disclosure is a computer program product comprising one or more non-transitory program storage media on which are stored instructi