Depending on the word width of the ID key and the frequency with which the message is sent, overruns of the counter value are to be expected, which would lead to repeated transmission of the same encrypted message. To avoid this, the ID key also gets a validity time period. When this period expires, the receiver must generate a new value and communicate it to the sender. Immediately after receiving a new ID key, the sender transmits the encrypted message. This means that the receiver is also able to initiate the repetition of a message, for example if the received ID key does not agree with the internal key, and this reduces latency times. The sending node receives and considers new ID key messages for a time T(offset), but to avoid an overload of the bus system such messages do not immediately lead to resending of the encrypted message. To stabilize the protocol, the receiving side uses the timer T(Resent) to monitor the response of the sender with the new counter value. If it does not get an acknowledgment message from the sender, the receiver generates a new ID key and resends it. This makes it possible to detect even a brief failure of the sending ECU and to shorten the time for resending. It also avoids storage of the ID key in nonvolatile memory.
Data Transmission with CAN FD without segmentation
There is a significant disadvantage associated with segmented data transmission in CAN over the ISO-15765 transport protocol. Transmission time is increased, and this method is restricted to a fixed 1:1 relationship, because segmented data transmission over ISO-15765 is very difficult to implement with multiple nodes. CAN FD, on the other hand, enables simultaneous transmission of the entire encrypted message to multiple receivers. Each receiver needs the same symmetric key to decrypt the encrypted message. Two variants of the ID key for authentication come into consideration: either all receivers use a commonly agreed value, or all receivers independently generate and send their ID key to the sender. The sender manages all counters and appends them to the data message. The positions of the counter values within the encrypted message must be uniquely assigned to the receivers. Figure 2 shows data transmission for multiple receivers. First, the receivers transmit their randomly generated start values to the sender. The sender then increments all ID keys for each send cycle and inserts them into the encrypted message at the predefined positions. The relevant receiver then checks its ID key and accepts the data or rejects it (Figure 2).
Figure 2: ID keys of multiple receivers in the use of CAN-FD.
However, as the number of receivers increases, the message space that remains for user data shrinks. The number of these data bytes is also highly dependent on the selected word width of the ID key. We can still apply the communication timing from Figure 1. It only requires a modification for the sender when receiving the ID key. Instead of immediately transmitting the encrypted message, the sender waits for a configurable time T(IdKeyReply) to allow time for any other ID key messages from other receivers. The special case T(IdKeyReply)=0 covers the original method via CAN.
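The per-receiver ID key slots and the user-data space they leave can be sketched as follows. This is an added example, not code from the article: the function names, the 4-byte ID key width, big-endian slots packed at the start of the plaintext, and the "internal value plus one" acceptance rule are assumptions, and the encryption step itself is left out.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FD_PAYLOAD 64u /* maximum CAN FD data field, bytes */
#define ID_WIDTH 4u    /* assumed ID key word width, bytes (fits uint32_t) */

/* User-data bytes left once every receiver has its ID key slot. */
size_t user_capacity(size_t receivers) {
    size_t used = receivers * ID_WIDTH;
    return used > FD_PAYLOAD ? 0 : FD_PAYLOAD - used;
}

/* Sender: bump every counter, write each big-endian into its fixed slot, append
 * user data. Returns length (0 = does not fit); encryption follows, not shown. */
size_t build_plaintext(uint32_t *ctr, size_t receivers, const uint8_t *data,
                       size_t len, uint8_t out[FD_PAYLOAD]) {
    if (receivers * ID_WIDTH > FD_PAYLOAD || len > user_capacity(receivers)) return 0;
    for (size_t r = 0; r < receivers; r++) {
        ctr[r]++;
        for (size_t b = 0; b < ID_WIDTH; b++)
            out[r * ID_WIDTH + b] = (uint8_t)(ctr[r] >> (8u * (ID_WIDTH - 1u - b)));
    }
    memcpy(out + receivers * ID_WIDTH, data, len);
    return receivers * ID_WIDTH + len;
}

/* Receiver: after decryption, read the ID key in its own slot and compare it
 * with the internal value plus one (assumed rule). 1 = accept, 0 = reject;
 * on reject the receiver would generate and send a fresh ID key. */
int receiver_check(uint32_t *internal, size_t slot, const uint8_t *pt, size_t pt_len) {
    if ((slot + 1u) * ID_WIDTH > pt_len) return 0;
    uint32_t got = 0;
    for (size_t b = 0; b < ID_WIDTH; b++)
        got = (got << 8) | pt[slot * ID_WIDTH + b];
    if (got != (uint32_t)(*internal + 1u)) return 0;
    *internal = got;
    return 1;
}

int main(void) { /* constructed start values for two receivers */
    uint32_t tx[2] = {0x1000u, 0xFFFFFFFFu}, rx1 = 0xFFFFFFFFu;
    uint8_t pt[FD_PAYLOAD], data[3] = {0xAA, 0xBB, 0xCC};
    size_t n = build_plaintext(tx, 2, data, sizeof data, pt);
    int first = receiver_check(&rx1, 1, pt, n), replay = receiver_check(&rx1, 1, pt, n);
    printf("len=%zu first=%d replay=%d\n", n, first, replay);
    return 0;
}
```

With these assumptions, three receivers leave 52 of the 64 bytes for user data, and a frame presented to the same receiver a second time is rejected because its internal value has already advanced.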