ECU diagnostic access system, method, apparatus, and storage medium

By generating random seed and scenario-based label security levels through the interaction process between the diagnostic tool and the ECU, and combining them with a preset seed key algorithm, the problems of poor key isolation and imperfect anomaly handling are solved, thus achieving high security and compatibility for ECU diagnostic access.

CN122372201APending Publication Date: 2026-07-10WUHAN JIANGXIA CHUNENG AUTOMOBILE TECHNOLOGY R&D CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
WUHAN JIANGXIA CHUNENG AUTOMOBILE TECHNOLOGY R&D CO LTD
Filing Date
2026-05-25
Publication Date
2026-07-10

AI Technical Summary

Technical Problem

Existing ECU diagnostic access solutions suffer from poor key isolation, making them susceptible to key reuse and replay attacks. This makes it difficult to meet the ISO/SAE21434 automotive-grade information security requirements, and the anomaly handling mechanism is inadequate, resulting in security and compatibility issues that are difficult to adapt to mass production needs.

Method used

By employing the interaction process between the diagnostic instrument and the ECU, and generating random seeds and scenario-based label security levels, combined with a preset seed key algorithm, independent isolation and multi-dimensional verification of keys are achieved. Anti-replay and anti-sequence attack designs are incorporated, and the anomaly handling process is optimized.

Benefits of technology

It improves the security and compatibility of ECU diagnostic access, ensures independent isolation of keys at different levels, prevents key reuse and replay attacks, optimizes anomaly handling, and makes secure access feasible.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122372201A_ABST
    Figure CN122372201A_ABST
Patent Text Reader

Abstract

This invention discloses an ECU diagnostic access system, method, device, and storage medium. The system includes a diagnostic instrument and an ECU. The diagnostic instrument sends a RequestSeed sub-function command to the ECU. The ECU parses the RequestSeed sub-function command, identifies the level identifier, and generates a random seed based on the current timestamp using a deterministic random number generator. The ECU then sends the level identifier and the random seed to the diagnostic instrument. The diagnostic instrument matches the corresponding scenario-based Label security level and master key according to the level identifier, generates a Send key using a preset seed key algorithm, and sends the Send key to the ECU. The ECU verifies and compares the Send key and the authentication key. If they match, the ECU unlocks the access permission for the scenario-based Label security level and allows service access. This invention combines scenario-based identifiers to achieve differentiated key derivation, thereby achieving both practicality and high security for secure access.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of secure access technology, and in particular to an ECU diagnostic access system, method, device, and storage medium. Background Technology

[0002] The 0x27 service is the core security mechanism of Unified Diagnostic Services UDS (ISO 14229). Existing UDS 0x27 security access solutions mostly use a single key or simple hierarchical division, which has poor key isolation and is prone to security risks such as key reuse and replay attacks, making it difficult to meet the ISO / SAE21434 automotive-grade information security requirements.

[0003] Meanwhile, the traditional solution has an imperfect anomaly handling mechanism, making it difficult to adapt the security and compatibility of electronic control unit (ECU) diagnostic access to mass production requirements.

[0004] The above content is only used to help understand the technical solution of the present invention and does not represent an admission that the above content is prior art. Summary of the Invention

[0005] The main objective of this invention is to provide an ECU diagnostic access system, method, device, and storage medium, aiming to solve the technical problem of how to improve the security and compatibility of ECU diagnostic access.

[0006] To achieve the above objectives, the present invention provides an ECU diagnostic access system, the system comprising a diagnostic instrument and an ECU; The diagnostic tool is used to send the RequestSeed sub-function command to the ECU; The ECU is used to parse the RequestSeed sub-function instruction to identify the level identifier, generate a random seed based on the current timestamp using a deterministic random number generator, and send the level identifier and the random seed to the diagnostic instrument. The diagnostic instrument is also used to match the corresponding scenario-based Label security level and master key according to the level identifier, and generate a Send key based on the scenario-based Label security level, the master key and the random seed through the preset seed key algorithm; The diagnostic instrument is also used to generate a SendKey request based on the Send key and send the SendKey request to the ECU; The ECU is also used to parse the SendKey request, read the Send key, verify and compare the Send key and the authentication key, and if they match, unlock the access permissions of the security level of the scenario label to access the service.

[0007] Optionally, after the ECU sends the grade identifier and the random seed to the diagnostic tool, it further includes: The ECU is also used to call the corresponding scenario-based Label security level and master key according to the level identifier, and generate an authentication key based on the scenario-based Label security level, the master key and the random seed through a preset seed key algorithm.

[0008] Optionally, the preset seed key algorithm is:

[0009]

[0010] In the formula, For authentication key, Master key For counter, For security level, For context, As a separator, For the length of the derived key, Use a random seed. This is a level identifier.

[0011] Optionally, the diagnostic tool, before sending the RequestSeed sub-function command to the ECU, further includes: The diagnostic tool is used to send a session switching command to the ECU; The ECU is used to perform legality verification and level matching verification of the session sub-function based on the switching session command; The ECU is also used to switch to the corresponding session after a successful verification and send a session switching success command to the diagnostic instrument. The diagnostic instrument is also used to generate a RequestSeed sub-function instruction when it receives a session switching success instruction.

[0012] Optionally, after the ECU generates a random seed based on the current timestamp using a deterministic random number generator, it further includes: The ECU is also used to determine whether the random seed meets the weak random condition; if so, the random seed is determined to be a weak random number, the random seed is discarded, and a new random seed is generated.

[0013] Optionally, the ECU is further configured to parse the SendKey request and read the Send key, including: The ECU is further configured to parse the SendKey request to obtain the sub-function identifier, key length, and seed validity period; verify the pairing of the sub-function identifier, the consistency of the key length, and the validity of the seed validity period respectively; and read the Send key when the pairing verification, consistency verification, and validity verification are successful.

[0014] Optionally, the ECU is further configured to, after verifying and comparing the Send key and the authentication key, also include: The ECU is also used to count the number of inconsistencies if the comparison is inconsistent; determine whether the number of inconsistencies has reached a preset threshold; if so, lock the access permissions of the security level of the scenario label.

[0015] Furthermore, to achieve the above objectives, the present invention also proposes an ECU diagnostic access method, which includes the following steps: Upon receiving the RequestSeed sub-function instruction sent by the diagnostic instrument, the RequestSeed sub-function instruction is parsed to identify the level identifier, and a random seed is generated based on the current timestamp using a deterministic random number generator; The level identifier and the random seed are sent to the diagnostic instrument, so that the diagnostic instrument matches the corresponding scenario-based label security level and master key according to the level identifier, generates a Send key based on the scenario-based label security level, the master key and the random seed through the preset seed key algorithm, generates a SendKey request based on the SendKey, and sends the SendKey request back to the ECU. The SendKey request is parsed, the Send key is read, and the Send key and authentication key are verified and compared. If they match, the access permissions of the security level of the contextual label are unlocked to allow service access.

[0016] Furthermore, to achieve the above objectives, the present invention also proposes an ECU diagnostic access device, the device comprising: a memory, a processor, and an ECU diagnostic access program stored in the memory and executable on the processor, the ECU diagnostic access program being configured to implement the steps of the ECU diagnostic access method as described above.

[0017] Furthermore, to achieve the above objectives, the present invention also proposes a storage medium storing an ECU diagnostic access program, which, when executed by a processor, implements the steps of the ECU diagnostic access method as described above.

[0018] This invention discloses an ECU diagnostic access system, which includes a diagnostic tool and an ECU. First, the diagnostic tool sends a RequestSeed sub-function command to the ECU. Then, the ECU parses the RequestSeed sub-function command to identify the level identifier. Based on the current timestamp, it generates a random seed using a deterministic random number generator and sends the level identifier and the random seed to the diagnostic tool. Next, the diagnostic tool matches the corresponding scenario-based label security level and master key according to the level identifier. Based on the scenario-based label security level, master key, and random seed, it generates a Send key using a preset seed key algorithm. Based on the Send key, it generates a SendKey request and sends the SendKey request to the ECU. Finally, the ECU parses the SendKey request, reads the Send key, and verifies and compares the Send key with the authentication key. If they match, the access permission for the scenario-based label security level is unlocked to access the service. This invention uses security level identifiers as the core link to achieve full parameter linkage of the protocol layer, key derivation layer, and control layer, ensuring independent isolation of keys of different levels. It combines a preset seed key algorithm with a multi-dimensional verification mechanism, incorporates anti-replay and anti-sequence attack designs, and optimizes the anomaly handling process to achieve the feasibility and high security of secure access. Attached Figure Description

[0019] Figure 1 This is a structural block diagram of the first embodiment of the ECU diagnostic access system of the present invention; Figure 2 This is a general flowchart of data interaction in the first embodiment of the ECU diagnostic access system of the present invention; Figure 3 This is a schematic diagram of the structure of the ECU diagnostic access device in the hardware operating environment involved in the embodiments of the present invention; Figure 4 This is a flowchart illustrating the first embodiment of the ECU diagnostic access method of the present invention.

[0020] The realization of the objective, functional features and advantages of the present invention will be further explained in conjunction with the embodiments and with reference to the accompanying drawings. Detailed Implementation

[0021] It should be understood that the specific embodiments described herein are for illustrative purposes only and are not intended to limit the scope of the invention.

[0022] Reference Figure 1 and Figure 2 , Figure 1 This is a structural block diagram of the first embodiment of the ECU diagnostic access system of the present invention. Figure 2 This is a general flowchart of data interaction for the first embodiment of the ECU diagnostic access system of the present invention.

[0023] like Figure 1 As shown, the ECU diagnostic access system proposed in this embodiment of the invention includes a diagnostic instrument 1001 and an ECU 1002: It should be noted that the diagnostic tool sends a session switching command to the ECU; the ECU performs a legality check and a level matching check on the session sub-function based on the session switching command. After the check is successful, it switches to the corresponding session (such as 0x02 programming session, 0x03 extended diagnostic session, 0x04 default programming session) and sends a session switching success command to the diagnostic tool; when the diagnostic tool receives the session switching success command, it generates a RequestSeed sub-function command.

[0024] In the specific implementation, the diagnostic tool sends a session switching command (i.e., the UDS0x10 command) to the ECU. The ECU parses the service ID 0x10 and the sub-function (session type). It verifies the validity of the session sub-function (0x02 / 0x03 / 0x04) and its match with the level. If an exception occurs, it returns NRC0x12 (sub-function not supported), 0x11 (service unavailable), or subsequently NRC0x7E (session mismatch). It verifies whether the sub-function is in {0x02,0x03,0x04}, otherwise it returns NRC 0x12; it looks up the allowed sessions according to the level identifier, compares the current session, and returns NRC 0x7E if they do not match.

[0025] The sub-functions are odd numbers corresponding to the security levels. Specifically, the mappings are: Level 1 / 2 → 0x02, Level 3 → 0x03, Level 4 / 5 → 0x04. Refer to Table 1 for the sub-function and security level mappings. Table 1

[0026] It should be understood that 0x12: The requested sub-function is not in {0x02,0x03,0x04}, or the format is incorrect. 0x11: The ECU state is not initialized, resources are insufficient, self-test failed, high-priority task is locked, etc., preventing the execution of service 0x10. 0x7E: The current session is not the default session and cannot be directly switched to the requested session.

[0027] Furthermore, the diagnostic tool 1001 is used to send the RequestSeed sub-function instruction (i.e., 0x27+RequestSeed sub-function instruction) to the ECU 1002.

[0028] ECU1002 is used to parse the RequestSeed sub-function instruction to identify the level identifier, generate a random seed based on the current timestamp using a deterministic random number generator, and send the level identifier and the random seed to the diagnostic tool.

[0029] The ECU requests a direct mapping from the Seed sub-functions (odd-numbered codes) requested by UDS 0x27: 0x01 → Level 1, 0x03 → Level 2, 0x11 → Level 3, 0x35 → Level 4, 0x41 → Level 5, where the level identifier value equals the sub-function value. A lookup table {0x01, 0x03, 0x11, 0x35, 0x41} is used; if not found in the list, NRC0x12 is returned. Next, it checks whether the current diagnostic session supports the requested security level (e.g., Level 3 only supports programming sessions). If not, a negative response code 0x7E is returned (the sub-function is not supported in the current session); if supported, execution continues (i.e., generating a random Seed). A level lockout status is also required: each level independently maintains a failure counter (threshold 5) and a lockout duration (30 minutes). If is_locked == true or fail_counter >= 5, NRC0x36 is returned. During the lockout period, all Seed requests are rejected.

[0030] In the specific implementation, the ECU generates a 16-byte Seed, stores it in the safety RAM, starts a 30-second timer, and returns a positive response (0x67 + sub-function + Seed). The Seed generation, storage, and timer start status are verified, and an exception is returned as NRC0x11 or 0x22.

[0031] It should be understood that the ECU calls CTR_DRBG to generate a 16-byte random number as the Seed. The current timestamp can be optionally appended as additional input during the generation process to increase randomness.

[0032] The ECU also needs to determine whether the random seed meets the weak randomness condition (i.e., all 0s or all 1s). If so, the random seed is determined to be a weak random number, and is then discarded and regenerated.

[0033] The diagnostic instrument 1001 is also used to match the corresponding scenario-based label security level and master key according to the level identifier, and generate a Send key based on the scenario-based label security level, master key and the random seed through a preset seed key algorithm.

[0034] It should be noted that the ECU and the diagnostic tool synchronously perform the CKDF+AES-128CMAC operation (i.e., the preset seed key algorithm).

[0035] The process verifies the parameter format and operation status. If any abnormality is found, the process terminates, returning NRC0x11 or causing subsequent comparisons to fail. Specifically, parameter format verification includes: Label length 10 bytes matching the level; KI not all zeros / all Fs and valid integrity; Seed not all zeros; ECUID not all zeros; level identifier within the allowed range; padding bits: first byte 0x80 followed by 10 bytes 0x00; final 46 bytes of input: Counter=0x01, Separator=0x00, L=0x0080. Operation status verification checks whether DRBG is ready, AES hardware / software is error-free, and CMAC operation is successful. Any failure returns NRC0x22 or 0x11 and clears temporary data.

[0036] In its specific implementation, the ECU is also used to call the corresponding scenario-based Label security level and master key according to the level identifier, and generate an authentication key based on the scenario-based Label security level, master key and random seed through a preset seed key algorithm.

[0037] The default seed key algorithm is:

[0038]

[0039] In the formula, For authentication key, Master key For counter, For security level, For context, As a separator, For the length of the derived key, Use a random seed. This is a level identifier.

[0040] It should be noted that KI = master key (128 bits, R&D default value: 0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F), Label = "UDS27_AUTH" (ASCII, 10 bytes) (0x55 0x44 0x53 0x32 0x37 0x5F 0x41 0x55 0x54 0x48 (corresponding to "UDS27_AUTH")), Context = Seed (16B) + security level identifier (1B).

[0041] The total length after concatenation is 46 bytes, which is used as input data for the AES-128 CMAC algorithm (48 bytes after padding according to RFC4493), and finally outputs a 16-byte key.

[0042] In the specific implementation, refer to Tables 2 and 3, where Table 2 is the security level identifier mapping table and Table 3 is the label mapping table: Table 2

[0043] Table 2

[0044] The diagnostic tool 1001 is also used to generate a SendKey request based on the Send key (i.e., 0x27 + Send Key sub-function + 16-byte Key instruction) and send the SendKey request to the ECU 1002.

[0045] The sub-function is an even number corresponding to the security level (RequestSeed sub-function + 1, i.e., 0x02, 0x04, 0x12, 0x36, 0x42).

[0046] ECU1002 is also used to parse SendKey requests, read Send keys, verify and compare Send keys and authentication keys. If they match, it unlocks the access permissions of the contextualized Label security level to access services.

[0047] In this embodiment, the process of parsing the SendKey request and reading the Send key is as follows: Parse the SendKey request to obtain the sub-function identifier, key length, and Seed validity period; verify the pairing of the sub-function identifier, the consistency of the key length, and the validity of the Seed validity period respectively; and read the Send key when the pairing verification, consistency verification, and validity verification are successful.

[0048] After the ECU verifies and compares the Send key and the authentication key, it also counts the number of times the comparison is inconsistent if they are inconsistent; determines whether the number of times has reached a preset threshold; if so, it locks the access permissions of the contextual label security level.

[0049] Validity check: If the SendKey is not received within 30 seconds of Seed generation, clear the temporary data, reject the request, return NRC0x22, do not accumulate the failure count, and record the relevant logs.

[0050] In the specific implementation, the ECU reads the Auth_Key (i.e., the authentication key) and compares it byte by byte with the Key (i.e., the Send key) (fixed every 10ms to prevent timing attacks). If they match, the corresponding level of permissions is unlocked and the failure counter is reset; if they do not match, the counter is incremented by 1, and a 30-minute lock is initiated when the threshold is reached. An exception returns NRC0x22, 0x35 (invalid key), or 0x36.

[0051] The ECU returns a positive response (match successful) or a corresponding NRC (match failed), and simultaneously encrypts and records an audit log (including timestamp, level, operation result, etc.). The response format and log storage are verified; anomalies do not affect authentication but trigger a self-check.

[0052] Once authentication is successful, permissions are only valid for the current session; permissions are automatically released and temporary data is cleared when the session is disconnected, switched, or the diagnostic service is shut down. In case of an anomaly, the session will be forcibly terminated or a self-check will be triggered.

[0053] In this embodiment, the diagnostic tool first sends a RequestSeed sub-function command to the ECU. The ECU then parses the RequestSeed sub-function command to identify the security level identifier. Based on the current timestamp, it generates a random seed using a deterministic random number generator and sends the security level identifier and the random seed to the diagnostic tool. The diagnostic tool then matches the corresponding scenario-based Label security level and master key according to the security level identifier. Based on the scenario-based Label security level, master key, and random seed, it generates a Send key using a preset seed key algorithm. Based on the Send key, it generates a SendKey request and sends it to the ECU. Finally, the ECU parses the SendKey request, reads the Send key, and verifies and compares the Send key with the authentication key. If they match, the access permission for the scenario-based Label security level is unlocked for service access. This embodiment uses the security level identifier as the core link, achieving full parameter linkage across the protocol layer, key derivation layer, and control layer. This ensures independent isolation of keys at different security levels. Combined with a preset seed key algorithm and multi-dimensional verification mechanisms, it incorporates anti-replay and anti-sequence attack designs, while optimizing the anomaly handling process to achieve feasible and highly secure secure access.

[0054] Reference Figure 3 , Figure 3 This is a schematic diagram of the ECU diagnostic access device structure in the hardware operating environment involved in the embodiments of the present invention.

[0055] like Figure 3As shown, the ECU diagnostic access device may include: a processor 3001, such as a central processing unit (CPU), a communication bus 3002, a user interface 3003, a network interface 3004, and a memory 3005. The communication bus 3002 is used to enable communication between these components. The user interface 3003 may include a display screen or an input unit such as a keyboard; optionally, the user interface 3003 may also include a standard wired interface or a wireless interface. The network interface 3004 may optionally include a standard wired interface or a wireless interface (such as a Wireless-Fidelity (Wi-Fi) interface). The memory 3005 may be high-speed random access memory (RAM) or stable non-volatile memory (NVM), such as a disk storage device. Optionally, the memory 3005 may also be a storage system independent of the aforementioned processor 3001.

[0056] Those skilled in the art will understand that Figure 3 The structure shown does not constitute a limitation on the ECU diagnostic access device and may include more or fewer components than shown, or combine certain components, or have different component arrangements.

[0057] like Figure 3 As shown, the memory 3005, which serves as a storage medium, may include an operating system, a network access module, a user interface module, and an ECU diagnostic access program.

[0058] exist Figure 3 In the ECU diagnostic access device shown, the network interface 3004 is mainly used for data communication with the network server; the user interface 3003 is mainly used for data interaction with the user; the processor 3001 and the memory 3005 in the ECU diagnostic access device of the present invention can be set in the ECU diagnostic access device. The ECU diagnostic access device calls the ECU diagnostic access program stored in the memory 3005 through the processor 3001 and executes the ECU diagnostic access method provided in the embodiment of the present invention.

[0059] This invention provides an ECU diagnostic access method, referring to... Figure 4 , Figure 4 This is a flowchart illustrating the first embodiment of the ECU diagnostic access method of the present invention.

[0060] In this embodiment, the ECU diagnostic access method includes the following steps: S1, upon receiving the RequestSeed sub-function instruction sent by the diagnostic instrument, the RequestSeed sub-function instruction is parsed to identify the level identifier, and a random seed is generated based on the current timestamp using a deterministic random number generator; S2, the level identifier and the random seed are sent to the diagnostic instrument, so that the diagnostic instrument matches the corresponding scenario-based label security level and master key according to the level identifier, generates a Send key based on the scenario-based label security level, the master key and the random seed through the preset seed key algorithm, generates a SendKey request based on the SendKey, and sends the SendKey request back to the ECU; S3. Parse the SendKey request, read the Send key, verify and compare the Send key and the authentication key. If they match, unlock the access permissions of the contextualized Label security level to access the service.

[0061] Other embodiments or specific implementations of the ECU diagnostic access method of the present invention can be referred to the above system embodiments, and will not be repeated here.

[0062] It should be noted that, in this document, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or system. Unless otherwise specified, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or system that includes that element.

[0063] The sequence numbers of the above embodiments of the present invention are for descriptive purposes only and do not represent the superiority or inferiority of the embodiments.

[0064] Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus necessary general-purpose hardware platforms. Of course, they can also be implemented by hardware, but in many cases the former is a better implementation method. Based on this understanding, the technical solution of the present invention, or the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product is stored in a storage medium (such as read-only memory / random access memory, magnetic disk, optical disk) and includes several instructions to cause a terminal device (which may be a mobile phone, computer, server, or network device, etc.) to execute the methods described in the various embodiments of the present invention.

[0065] The above are merely preferred embodiments of the present invention and do not limit the scope of the patent. Any equivalent structural or procedural transformations made based on the description and drawings of the present invention, or direct or indirect applications in other related technical fields, are similarly included within the scope of patent protection of the present invention.

Claims

1. An ECU diagnostic access system, characterized in that, The system includes a diagnostic tool and an ECU; The diagnostic tool is used to send the RequestSeed sub-function command to the ECU; The ECU is used to parse the RequestSeed sub-function instruction to identify the level identifier, generate a random seed based on the current timestamp using a deterministic random number generator, and send the level identifier and the random seed to the diagnostic instrument. The diagnostic instrument is also used to match the corresponding scenario-based Label security level and master key according to the level identifier, and generate a Send key based on the scenario-based Label security level, the master key and the random seed through the preset seed key algorithm; The diagnostic instrument is also used to generate a SendKey request based on the Send key and send the SendKey request to the ECU; The ECU is also used to parse the SendKey request, read the Send key, verify and compare the Send key and the authentication key, and if they match, unlock the access permissions of the security level of the scenario label to access the service.

2. The system as described in claim 1, characterized in that, The ECU, after sending the grade identifier and the random seed to the diagnostic instrument, further includes: The ECU is also used to call the corresponding scenario-based Label security level and master key according to the level identifier, and generate an authentication key based on the scenario-based Label security level, the master key and the random seed through a preset seed key algorithm.

3. The system as described in claim 1 or 2, characterized in that, The preset seed key algorithm is as follows: In the formula, For authentication key, Master key For counter, For security level, For context, As a separator, For the length of the derived key, Use a random seed. This is a level identifier.

4. The system as described in claim 1, characterized in that, The diagnostic tool, before sending the RequestSeed sub-function command to the ECU, also includes: The diagnostic tool is used to send a session switching command to the ECU; The ECU is used to perform legality verification and level matching verification of the session sub-function based on the switching session command; The ECU is also used to switch to the corresponding session after a successful verification and send a session switching success command to the diagnostic instrument. The diagnostic instrument is also used to generate a RequestSeed sub-function instruction when it receives a session switching success instruction.

5. The system as described in claim 1, characterized in that, The ECU, after generating a random seed based on the current timestamp using a deterministic random number generator, further includes: The ECU is also used to determine whether the random seed meets the weak random condition; if so, the random seed is determined to be a weak random number, the random seed is discarded, and a new random seed is generated.

6. The system as described in claim 1, characterized in that, The ECU is also used to parse the SendKey request and read the Send key, including: The ECU is further configured to parse the SendKey request to obtain the sub-function identifier, key length, and seed validity period; verify the pairing of the sub-function identifier, the consistency of the key length, and the validity of the seed validity period respectively; and read the Send key when the pairing verification, consistency verification, and validity verification are successful.

7. The system as described in claim 1, characterized in that, The ECU, after verifying and comparing the Send key and the authentication key, further includes: The ECU is also used to count the number of inconsistencies if the comparison is inconsistent; determine whether the number of inconsistencies has reached a preset threshold; if so, lock the access permissions of the security level of the scenario label.

8. An ECU diagnostic access method, characterized in that, The method includes the following steps: Upon receiving the RequestSeed sub-function instruction sent by the diagnostic instrument, the RequestSeed sub-function instruction is parsed to identify the level identifier, and a random seed is generated based on the current timestamp using a deterministic random number generator; The level identifier and the random seed are sent to the diagnostic instrument, so that the diagnostic instrument matches the corresponding scenario-based label security level and master key according to the level identifier, generates a Send key based on the scenario-based label security level, the master key and the random seed through the preset seed key algorithm, generates a SendKey request based on the SendKey, and sends the SendKey request back to the ECU. The SendKey request is parsed, the Send key is read, and the Send key and authentication key are verified and compared. If they match, the access permissions of the security level of the contextual label are unlocked to allow service access.

9. An ECU diagnostic access device, characterized in that, The device includes: a memory, a processor, and an ECU diagnostic access program stored in the memory and executable on the processor, the ECU diagnostic access program being configured to implement the steps of the ECU diagnostic access method as described in claim 8.

10. A storage medium, characterized in that, The storage medium stores an ECU diagnostic access program, which, when executed by a processor, implements the steps of the ECU diagnostic access method as described in claim 8.