This disclosure generally relates to an automotive device used for controlling an engine, and more particularly relates to communicating an authentication code from the device to the engine controller to determine that an automotive device such as an oxygen sensor is an authentic automotive device, i.e. is not a counterfeit automotive device.
In order for vehicles to comply with emission regulations, it is important that automotive devices such as sensors, actuators, and controllers used by the vehicle emission control systems are authentic. That is, that the devices meet original-equipment-manufacturer (OEM) performance and quality specifications, and are not unauthorized copies, sometimes referred to as black-market automotive parts, parts that may not meet the OEM specifications. It has been suggested that identification codes be stored in the automotive device so that when a replacement device is installed on an emission control system, an engine controller of that system can be operated by an external device such as a lap-top computer into a learn mode in order to recognize the new identification code. However, this is undesirable because of the added cost and complexity of providing and operating the external device.
Also, it is recognized that some automotive devices (e.g. sensors, actuators) used on engines exhibit enough inherent variability due the materials and/or processes used to manufacture the devices that further processing (e.g. calibration) to minimize that variability is necessary. It has been suggested that calibration information could be stored in the automotive device in the same manner as the above mentioned identification code, and that calibration information could be used to correct or compensate automotive device. Unfortunately, it may be possible for third parties to either copy, defeat, or modify the calibration information in order to change the operation of the sensor, or duplicate the calibrations in order to fabricate parts that are not authentic.
In accordance with one embodiment, an automotive device configured to cooperate with an engine controller for controlling an engine is provided. The automotive device is equipped with a memory configured to communicate an identification code of the device to an engine controller. The memory is also configured to communicate an authentication code to the engine controller. The authentication code is based on the identification code and an encryption algorithm.
In accordance with one embodiment, an engine control system is provided. The engine control system includes an engine controller and an automotive device. The automotive device is configured to cooperate with the engine controller for controlling an engine. The automotive device includes a memory configured to communicate an identification code of the device to the engine controller, and communicate an authentication code to the engine controller. The authentication code is based on the identification code and an encryption algorithm.
In another embodiment, a method of authenticating an automotive device connected to an engine control system is provided. The method includes the step of providing a memory configured to store an identification code of an automotive device. The method also includes the step of storing an authentication code in the memory. The authentication code is based on the identification code and an encryption algorithm. The method also includes the step of determining a verification code by an engine controller connected to the automotive device. The verification code is based on the identification code. The method also includes the step of comparing the authentication code to the verification code. The method also includes the step of and indicating that the automotive device is not authentic if the authentication code does not correspond to the verification code.
Further features and advantages will appear more clearly on a reading of the following detailed description of the preferred embodiment, which is given by way of non-limiting example only and with reference to the accompanying drawings.
The present invention will now be described, by way of example with reference to the accompanying drawings, in which:
Described herein is a way to verify that an automotive device such as an oxygen sensor is authentic. As used herein, authentic means that there is evidence that the automotive device was manufactured or supplied by a known or authorized entity. If the part is authentic, then the expectation is that a vehicle emission control system will control an engine in such a way as to not produce excessive emissions. Also, as will become apparent in the description that follows, authenticating an automotive device will be automatic, meaning that a new or replacement device can be installed without special equipment (e.g. laptop computer), or special skills to operate the special equipment.
The engine controller 12 may include a processor such as a microprocessor or other control circuitry as should be evident to those in the art. The engine controller 12 may include memory, including non-volatile memory, such as electrically erasable programmable read-only memory (EEPROM) for storing one or more routines, thresholds and captured data. The one or more routines may be executed by the processor to perform steps for determining if signals received by the engine controller 12 for controlling the system 10 as described herein. Typically, the engine controller 12 receives signals from one or more automotive device 14. The automotive device 14 may be any one of various sensors configured to monitor or detect a parameter (e.g. temperature, pressure, position, speed, exhaust gas composition, etc.), or actuators (e.g. fuel injector EGR valve, throttle position, cam angle, etc.).
In this non-limiting example, the automotive device 14 includes a sensor 16, such as an exhaust oxygen sensor (EOS), and so is configured to output a parameter signal 44 indicative of an engine parameter, in this example exhaust gas composition. The sensor 16 may be part of a sensor assembly 18 that may include memory 20. The memory 20 may be configured to store a sensor identification code 22 and/or calibration information 24. The sensor identification code 22 may be, or include a serial number, date code, manufacturing part number, manufacturing site information, or any other information that may be useful to track or classify the sensor 16 and/or the sensor assembly 18. The calibration information 24 may include, for example, one or more correction coefficients useful to compensate raw sensor data 48 output by the sensor 16 so that an engine parameter (e.g. exhaust gas composition) detected by the sensor 16 can be accurately known by the engine controller 12. The correction coefficients may be piecewise linear coefficients useful to compensate the raw sensor data 48 in a piecewise linear fashion, or they may be temperature compensation values as will be understood by those skilled in the art. The memory 20 may be configured to communicate the sensor identification code 22 and/or the calibration information 24 of the automotive device 14 directly to the engine controller 12, or the information may be processed and/or buffered by a sensor controller 26.
The sensor controller 26 is an optional part of the system 10 that is generally configured to provide an interface between the engine controller 12 and the sensor 16. By way of example and not limitation, the raw sensor data 48 may be an analog voltage type signal, and the sensor controller 26 may transform that analog signal into a digital form that can be sent to the engine controller 12 on a controller area network (CAN) connection or CAN Bus 28. The sensor controller 26 may also be configured to receive the calibration information 24 from the sensor assembly 18 and use that calibration information to correct, compensate, or otherwise adjust the engine parameter indicated by the raw sensor data 48 from the sensor 16. Like the engine controller 12, the sensor controller 26 may include a processor 30 such as a microprocessor or other control circuitry as should be evident to those in the art. The sensor controller 26 may include memory configured to store a controller identification code 32. Like the sensor identification code 22 in the sensor assembly 18, the controller identification code 32 may include a serial number, manufacturing date, or part number of the sensor controller 26. One or more routines may be executed by the processor 30 to perform steps for determining signals to be sent to the engine controller 12 as described herein.
The sensor assembly 18 and/or the sensor controller 26 may also be configured to determine and/or communicate an authentication code 34a, 34b to the engine controller 12 for the purpose of establishing or verifying the authenticity of the automotive device 14. In order to make it difficult to copy, counterfeit, or otherwise duplicate the automotive device 14, the authentication code 34a, 34b may be, for example, generated by an encryption algorithm 36 that uses the sensor identification code 22 and/or the controller identification code 32 as a seed value for the encryption algorithm 36. The encryption algorithm 36 may be software executed by the processor 30, or a hardware based component, or a combination of hardware and software, and numerous encryption algorithms are known in the art. It should be recognized that the authentication code 34a, 34b would be uniquely matched to whatever identification code was used as a seed value for the encryption algorithm. It may be advantageous to store the same value as the authentication code 34a and the authentication code 34b so that once the sensor assembly 18 and the sensor controller 26 are assembled to form the automotive device 14, the two parts cannot be separately replaced or independently duplicated.
In order for the engine controller 12 to be able to authenticate the automotive device 14 so the automotive device 14 can to cooperate with the engine controller 12 for controlling an engine, the engine controller 12 may also be equipped with a complementary encryption algorithm 38 configured to generate a verification code 40 that can compared to the authentication code 34a or 34b. In one embodiment, the sensor identification code 22 and/or the controller identification code 32, or a combination of the two identification codes may be communicated to the engine controller 12, along with the authentication code 34a and/or 34b, where the complementary encryption algorithm 38 may use the communicated identification code as a seed value. Then, by way of example and not limitation, the encryption algorithm 36 and the complementary encryption algorithm 38 may be configured so the authentication code 34a, 34b, or combination thereof exactly matches the verification code 40. Alternatively, codes may not exactly match, but when combined in some manner such as addition or subtraction, the resulting combination is readily examined to determine or verify that the automotive device 14 is authentic.
By using the identification codes (22, 32) as a seed value for the complementary encryption algorithm 38, the engine controller 12 is able to determine the authenticity of the automotive device 14 without any supporting action from some other means such as using a lap top computer to operate the engine controller 12 into a learn mode. It should be recognized that the specifics of the encryption algorithm 36 and the complementary encryption algorithm would be held in secret by the manufacturer or supplier of the automotive device in order to prevent counterfeiting of the automotive device 14.
In another embodiment the calibration information 24 may be used as a seed value for the encryption algorithm 36 and complementary encryption algorithm 38, either alone or in combination with the sensor identification code 22 and/or the controller identification code 32. Adding the calibration information 24 to the identification codes increases the number of digits or length of the seed value, and so increases the security of the authentication code 34a and/or 34b, and the verification code 40 by way of increased complexity.
The example illustrated in
Step 310, PROVIDE MEMORY, may include providing a memory 20 configured to store a sensor identification code 22 of an automotive device 14. In one embodiment, the memory 20 may be located in a sensor assembly 18 that only includes the memory 20 and a sensor 16. With this arrangement the sensor 16 can be tested, the raw sensor data 48 may then be compared to an expected sensor profile, and the calibration information 24 indicative of the difference between the raw sensor data 48 and the expected profile can be stored. This calibration process may also include assigning a serial number, date code, or other tracking information to the sensor assembly 18 being calibrated or tested, and storing that information in the form of a sensor identification code 22 in the memory 20.
Step 320, DETERMINE IDENTIFICATION CODE, may include the sensor controller 26 being electrically coupled to the sensor assembly 18 so that the sensor identification code 22 can be recalled from the memory 20 and used as a seed value for the encryption algorithm 36 to determine an authentication code 34a or 34b and store that authentication code either in the sensor assembly 18 or the sensor controller 26. The step 320 is generally part of a manufacturing process of the automotive device 14, and so is understood to be distinct from step 360 described below. In an alternative embodiment the controller identification code 32 may be used instead of or in conjunction with the sensor identification code 22 to provide a seed value for the encryption algorithm 36.
Step 330, DETERMINE CALIBRATION INFORMATION, is an optional step that may include recalling calibration information 24 for the automotive device 14 for use as a seed value for the encryption algorithm 36 to determine an authentication code 34a or 34b. The calibration information 24 may be used instead of, or in combination with, the sensor identification code 22 and/or the controller identification code 32, and store that authentication code either in the sensor assembly 18 or the sensor controller 26. By combining the calibration information 24 with the sensor identification code 22 and/or the controller identification code 32, the uniqueness of the seed value is increased and so overall security of automotive device 14 may be increased.
Step 340, STORE AUTHENTICATION CODE, may include storing an authentication code 34b in the memory 20. As suggested above, the authentication code 34b may be based on any combination of the sensor identification code 22, the controller identification code 32, and the calibration information 24. Alternatively, the authentication code 34a may be stored in the sensor controller 26 in addition to, or instead of, the authentication code 34b. By redundantly storing the same value as the authentication code 34a and the authentication code 34b, the sensor assembly 18 and the sensor controller 26 are matched and so cannot be independently replaced with a counterfeit part. The prior steps generally describe a manufacturing, calibration, or assembly process for forming the automotive device, while the following steps generally describe steps that occur after the automotive device 14 is electrically coupled with the engine controller 12 either as part of an initial vehicle assembly, or as part of installing a replacement of the automotive device 14 in the vehicle.
Step 350, COMMUNICATE DATA, may include the automotive device 14 communicating any combination of the sensor identification code 22, the controller identification code 32, the calibration information 24, the authentication code 34a, and the authentication code 34b to the engine controller.
Step 360, DETERMINE VERIFICATION CODE, may include determining a verification code 40 by an engine controller 12 connected to the automotive device 14, wherein said verification code 40 is based on any combination of the sensor identification code 22, the controller identification code 32, the calibration information 24, the authentication code 34a, and the authentication code 34b to the engine controller.
Step 370, AUTHENTICATION CODE=VERIFICATION CODE?, may include comparing the authentication code 34a and/or 34b to a verification code 40. The comparison may determine if the values of the codes are equal, or determine that when the values are combined an expected result is determined. If the test result is NO, e.g. the authentication code 34a and/or 34b does not match the verification code 40, then there is an indication that the automotive device 14 is not authentic, i.e. is a counterfeit part. In this case the method 300 proceeds to step 380. If the test result is YES, the method 300 proceeds to step 390.
Step 380, INDICATE NOT AUTHENTIC, may include indicating that the automotive device 14 is not authentic by activating a ‘service engine soon’ indicator, or preventing the engine from running.
Step 390, OPERATE ENGINE, may include allowing the engine to operate.
Accordingly, an automotive device 14 that can be automatically authenticated, a system 10 of authenticating an automotive device, and a method 300 of authenticating an automotive device is provided. It may preferable that the automotive device 14 be authenticated every time the vehicle engine is started, however it is recognized that other intervals and events may be suitable for performing the authentication test described herein. Authenticating the automotive device 14 is desirable because it helps to prevent counterfeiting or make the automotive device 14 tamper resistant, particularly with regard to unauthorized changing or duplication of the calibration information 24. Advantageously, authenticating the automotive device 14 will be done autonomously by the engine controller 12 without prompting by a technician using special equipment such as a laptop computer.
The confidential encryption algorithm 36 may alternatively reside within the manufacturing equipment used to assemble and/or calibrate the automotive device 14 in order to generate the authentication code 34a, 34b. The same or complementing confidential encryption algorithm may reside in the sensor controller 26 to read the memory 20 contents and calculate a corresponding authentication code 34a, 34b. The comparison of the engine controller 12 calculated verification code 40 may be by way of reading the authentication code 34a or 34b read from the memory 20 that may contain a non-alterable unique ID number.
While this invention has been described in terms of the preferred embodiments thereof, it is not intended to be so limited, but rather only to the extent set forth in the claims that follow.