Am I correct in the assumption that different diagnostic sessions and SecurityAccess/Authentication are decoupled concepts in UDS? I.e. you can secure any service behind a seed/key or PKI challenge, even the ones in the default session, making them inaccessible for somebody not authorized?

I'm referring to ISO 14229-1:2020.

Why I came across this: The standard defines NRC 0x33 (securityAccessDenied) as a supported NRC for the ECUReset service (0x11). However, ECUReset is available in the default session. If my above assumption was not correct, this wouldn't make sense.

BUT ReadDtcInformation (0x19) is also available in the default session, but for this service the standard does not define NRC 0x33. However, according to Annex A.1 the manufacturer may implement NRC 0x33 as an additional NRC.

If my assumption was correct, would that mean that any service that was originally available in the default session would only be available in a non-default session if it were secured? Or can I get the security access, switch back to the standard session and access the service I want?

In my opinion the standard is not very clear on that, or at least misleading (also at other parts of the standard).

Thanks for your help!

Read the standard, however it is not clear; asked Google, did not find an answer.

There are 2 best solutions below

As far as I would interpret the standard, you're right. Since you can change sessions without authorization, an ECU might as well send you an NRC in the default session if you're attempting an operation you don't have authorization for.

Note that it's uncommon, but as far as I understand it, not forbidden.

No, you cannot, according to Table 23 of ISO 14229-1:2013. But you can remove the assignment of services to DefaultSession, and only assign them to other non-default sessions, including then also SecurityAccess etc. needed to execute them. A service that is not assigned to a session will have a 0x7E or 0x7F (Service-/Subfunction-NotSupportedInActiveSession), e.g. in defaultSession, and in a non-defaultSession without SecurityAccess (according to the assigned SecurityLevel) a 0x33 SecurityAccessDenied.

As long as this table hasn't changed between the 2013 and 2020 versions of ISO 14229-1.

Most services are not allowed in DefaultSession.
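
The two gates discussed in this thread (session assignment and security level) can be modelled as independent attributes of each service. The following is an added example, not part of either answer and not taken from the standard: the rule table, the single-level unlock model and the name `check_access` are hypothetical, and the ECUReset row encodes the configuration the question asks about (default session plus a security requirement).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* NRC and session identifiers as named in ISO 14229-1 */
enum { NRC_OK = 0x00, NRC_SERVICE_NOT_SUPPORTED = 0x11,
       NRC_SECURITY_ACCESS_DENIED = 0x33,
       NRC_SERVICE_NOT_SUPPORTED_IN_ACTIVE_SESSION = 0x7F };
enum { SESS_DEFAULT = 0x01, SESS_PROGRAMMING = 0x02, SESS_EXTENDED = 0x03 };
#define IN(s) (1u << (s))

struct svc_rule {
    uint8_t sid;       /* service identifier */
    uint8_t sessions;  /* bitmask of sessions the service is assigned to */
    uint8_t level;     /* required security level, 0 = none (simplified model) */
};

/* Hypothetical ECU configuration, constructed for this example */
static const struct svc_rule rules[] = {
    { 0x19, IN(SESS_DEFAULT) | IN(SESS_EXTENDED), 0 }, /* ReadDTCInformation */
    { 0x11, IN(SESS_DEFAULT) | IN(SESS_EXTENDED), 1 }, /* ECUReset, secured  */
    { 0x2E, IN(SESS_EXTENDED),                    1 }, /* WriteDataByIdentifier */
};

/* Session gate first, security gate second: 0x7F hides a service in the
 * wrong session, 0x33 is returned only once the session check has passed. */
uint8_t check_access(uint8_t sid, uint8_t session, uint8_t unlocked_level)
{
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        if (rules[i].sid != sid)
            continue;
        if (!(rules[i].sessions & IN(session)))
            return NRC_SERVICE_NOT_SUPPORTED_IN_ACTIVE_SESSION;
        if (rules[i].level != 0 && unlocked_level != rules[i].level)
            return NRC_SECURITY_ACCESS_DENIED;
        return NRC_OK;
    }
    return NRC_SERVICE_NOT_SUPPORTED;
}

int main(void)
{
    printf("ECUReset, default, locked:  0x%02X\n", check_access(0x11, SESS_DEFAULT, 0));
    printf("WDBI, default, locked:      0x%02X\n", check_access(0x2E, SESS_DEFAULT, 0));
    printf("WDBI, extended, locked:     0x%02X\n", check_access(0x2E, SESS_EXTENDED, 0));
    printf("WDBI, extended, unlocked:   0x%02X\n", check_access(0x2E, SESS_EXTENDED, 1));
    return 0;
}
```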