Description:TECHNICAL FIELD

[001] The present disclosure generally relates to generating random numbers, and more particularly, to a system and method for determining seed value for generating random numbers for authenticating automotive keys.

BACKGROUND
[002] End-of-line (EoL) testing is a crucial step in automotive manufacturing process to ensure the quality and overall functionality of automotive components during the manufacturing process. During EoL testing, vehicle access solutions provided in an automobile are tested and validated. More specifically, vehicle access solutions facilitate communication between Electronic Control Units (ECUs) placed within the automobile with mobile automotive keys such as, a master key, key fob, and the like. In order for the mobile automotive keys to communicate with the ECUs within the automobile effectively, the mobile units need to be paired with the ECUs. The mobile automotive keys include a transponder within them, which will communicate with an immobilizer placed within the ECU of the automobile for the purpose of authentication. Such communication between the ECU and the mobile automotive keys avoid the mechanical restructuring of the mobile automotive keys for adopting unauthorized means to open a locked automobile. As such, wireless pairing of the mobile units may be done using low frequency-high frequency based techniques, Bluetooth® based techniques, and the like. The pairing of the automotive key is achieved by effective communication between the transponder of the mobile automotive key and the ECU of the automobile.
[003] Conventionally, automation is incorporated at the EoL testing at the manufacturing line, which mandates automatic pairing of sequence of automotive keys having transponders with the ECUs. For enabling exclusive pairing of a mobile automotive key with corresponding ECU of the automobile during EoL testing, the transponder in the mobile automotive key is to be allotted different authentication codes to be written into their memories during the testing phase and validation phase. As such, EoL automation initiates automatic generation of authentication codes (also referred to herein as authentication keys) while pairing the automotive key with the ECU. Accordingly, at automation EoL testing, all individual automotive keys should be possessing unique authentication codes to be paired with the corresponding ECUs. The pairing process of ECU with a corresponding automotive key is sequentially executed for all the automotive keys. As such, a random number generator is used for generating random numbers that are used as authentications codes for programmed into the ECU during EoL automation for pairing with corresponding automotive key. However, after a stipulated time, same authentication keys are generated for pairing the ECUs with the automotive keys. There arises a need to generate a random number sequence corresponding to the generation of automotive authentication keys at the EoL.
[004] The issue of generating random number sequence lies in generation of a random seed value. Many applications require to generate random numbers based on pseudo random number generation algorithms. However, the seed value needs to be initialized for the pseudo number generation algorithm. The seed value has to be a random value such that malicious devices are not capable of determining the seed value and therefore not capable of generating the authentication keys. Moreover, the seed value needs to be initialized such that automated production facilities preclude two different ECUs of different automobiles possessing same authentication key, thus preventing multiple ECUs belonging to the same ECU batch generating identical random numbers defeating the security-based features for a given batch.
[005] In view of the above discussion, there is a need for generating random numbers to be used as authentication code for pairing ECU with corresponding automotive key associated with the automobile during EoL testing.
[006] The information disclosed in this background of the disclosure section is only for enhancement of understanding of the general background of the invention and should not be taken as an acknowledgement or any form of suggestion that this information forms the prior art already known to a person skilled in the art.
SUMMARY
[007] In an embodiment, a method for determining a seed value for generating random numbers for authenticating automotive keys associated with automobiles is disclosed. The method includes receiving, by a processor of an Electronic Control Unit (ECU), timing information related to conversion of a plurality of analog signals to a plurality of digital signals from an Analog to Digital Converter (ADC) of the ECU. The method includes determining, by the processor, a plurality of conversion time intervals based on the timing information. Each conversion time interval of the plurality of conversion time intervals corresponds to time taken for the ADC to convert an analog signal of the plurality of analog signals to corresponding digital signal. The method includes determining, by the processor, a seed value based on at least one conversion time interval from the plurality of conversion time intervals. The seed value is used by a random number generator module of the processor for generating one or more random numbers. Each random number of the one or more random numbers facilitates authentication of an automotive key with an automobile.
[008] In another embodiment, an Electronic Control Unit (ECU) for determining a seed value for generating random numbers for authenticating automotive keys associated with automobiles is disclosed. The ECU includes an Analog to Digital Converter (ADC), a memory storing executable instructions and a processor. The ADC is configured to convert a plurality of analog signals to a plurality of digital signals. The processor is communicably coupled to the ADC and the memory. The processor is configured to execute the instructions to receive timing information related to the conversion of the plurality of analog signals to the plurality of digital signals. The processor is configured to determine a plurality of conversion time intervals based on the timing information, wherein each conversion time interval of the plurality of conversion time intervals corresponds to time taken for the ADC to convert an analog signal of the plurality of analog signals to corresponding digital signal. The processor is configured to determine a seed value based on at least one conversion time interval from the plurality of conversion time intervals. The seed value is used by a random number generator module of the processor for generating one or more random numbers. Each random number of the one or more random numbers facilitates authentication of an automotive key with an automobile.
[009] The foregoing summary is illustrative only and is not intended to be in any way limiting. In addition to the illustrative aspects, embodiments, and features described above, further aspects, embodiments, and features will become apparent by reference to the drawings and the following detailed description.

BRIEF DESCRIPTION OF THE DRAWINGS

[010] The accompanying drawings, which are incorporated in and constitute a part of this disclosure, illustrate exemplary embodiments and, together with the description, serve to explain the disclosed principles. The same numbers are used throughout the figures to reference like features and components. Some embodiments of device and/or methods in accordance with embodiments of the present subject matter are now described, by way of example only, and with reference to the accompanying figures, in which:

[011] FIG. 1 illustrates an example representation of an environment, in which at least some example embodiments of the disclosure can be implemented;
[012] FIG. 2 illustrates an Electronic Control Unit (ECU) of an automobile for determining seed value for generating random numbers for authenticating automotive keys, in accordance with an embodiment of the present disclosure;
[013] FIG. 3 illustrates a sequence flow diagram depicting interaction between various entities in the environment for determining seed value for generating random numbers for authenticating automotive key, in accordance with an embodiment of the present disclosure;
[014] FIG. 4 is a flowchart illustrating a method of determining seed value for generating random numbers for authenticating automotive key, in accordance with an embodiment of the present disclosure; and
[015] FIG. 5 shows a block diagram of a general-purpose computer for determining seed value for generating random numbers for authenticating automotive key, in accordance with an embodiment of the present disclosure.
[016] It should be appreciated by those skilled in the art that any block diagrams herein represent conceptual views of illustrative systems embodying the principles of the present subject matter. Similarly, it will be appreciated that any flow charts, flow diagrams, state transition diagrams, pseudo code, and the like represent various processes which may be substantially represented in computer readable medium and executed by a computer or processor, whether or not such computer or processor is explicitly shown.

DETAILED DESCRIPTION
[017] In the present document, the word “exemplary” is used herein to mean “serving as an example, instance, or illustration”. Any embodiment or implementation of the present subject matter described herein as “exemplary” is not necessarily to be construed as preferred or advantageous over other embodiments.
[018] While the disclosure is susceptible to various modifications and alternative forms, specific embodiment thereof has been shown by way of example in the drawings and will be described in detail below. It should be understood, however that it is not intended to limit the disclosure to the particular forms disclosed, but on the contrary, the disclosure is to cover all modifications, equivalents, and alternative falling within the spirit and the scope of the disclosure.
[019] The terms “comprises”, “comprising”, or any other variations thereof, are intended to cover a non-exclusive inclusion, such that a setup, device, or method that comprises a list of components or steps does not include only those components or steps but may include other components or steps not expressly listed or inherent to such setup or device or method. In other words, one or more elements in a device or system or apparatus proceeded by “comprises… a” does not, without more constraints, preclude the existence of other elements or additional elements in the device or system or apparatus.
[020] In the following detailed description of the embodiments of the disclosure, reference is made to the accompanying drawings that form a part hereof, and in which are shown by way of illustration specific embodiments in which the disclosure may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the disclosure, and it is to be understood that other embodiments may be utilized and that changes may be made without departing from the scope of the present disclosure. The following description is, therefore, not to be taken in a limiting sense.
[021] The term ‘seed value’ as used herein refers to a base value or a start value used by a random number generator to produce random numbers. In general, the seed value is used to initialize the random number generator for generating the random numbers. More specifically, the random number generator may use the seed value to initiate generation of the random numbers. For example, the random number generator may implement any pseudo random number generation algorithms known in the art based on the seed value to generate the random numbers. Such generation of the seed value for random number generators will be explained in detail with reference to FIGS. 1 to 5.

[022] FIG. 1 illustrates an example representation of an environment 100, in which at least some example embodiments of the disclosure can be implemented. The environment 100 exemplarily depicts a manufacturing facility in which vehicles such as, a vehicle 110 are tested at EoL for vehicle access functions. As such, the vehicle 110 includes an ECU 150 for controlling one or more electrical devices electrically coupled to the ECU 150. More specifically, the ECU 150 directs and controls the operation of the one or more electrical devices by providing timing and control signals. It shall be noted that only one ECU 150 is depicted for exemplary purposes and the vehicle 110 may include more than one ECU 150 for controlling one or more electrical devices or functionalities within the vehicle 110. For example, individual ECUs in the vehicle 150 may control vehicle brakes, suspension control, transmission control, manage batteries, body control modules, and the like.

[023] In an embodiment, the ECU 150 includes a random number generator module 130, The random number generator module 130 is configured to generate one or many random numbers. More specifically, the random number generator module 130 generates a number from a limited or unlimited distribution and provides it as a random number. In other words, the random number generator module 130 is a pseudo random number generator for generating the one or more random numbers.

[024] During EoL automation, the one or more random numbers may be used as authentication keys for pairing the ECU 150 with an automotive key 170 for testing of the vehicle access functions configured within the ECU 150 of the vehicle 110. The automotive key 170 is a programmable device that facilitates keyless entry to the vehicle 110. More specifically, the automotive key 170 includes a transponder 175 which is energized with one or more authentication keys from the ECU 150 for pairing with the ECU 150 during testing and validation phase. As such, the ECU 150 provides access to the vehicle 110 on authenticating the authentication keys received from the automotive key 170. Some examples of the automotive key 170 for pairing with the EU 150 of the vehicle include, but not limited to, master key, key fobs and the like. It shall be noted that the ECU 150 is depicted to be embedded within the vehicle 110, however, the ECU 150 may also be configured as an external control system electrically coupled with the vehicle for performing one or more functions as will be described herein.

[025] Various embodiments of the present disclosure disclose the ECU 150 employing a method for determining a seed value for the random number generator module 130. More specifically, the ECU 150 determines the seed value based at least one conversion time interval from a plurality of conversion time intervals for conversion of a plurality of analog signals to a plurality of digital signals. In other words, the seed value is determined from a true random spread of conversion time intervals due to manufacturing tolerances of components inherently present within the ECU 150. The seed value is used to initialize generation of the one or more random numbers which may be used as the authentication keys for pairing the ECU 150 with the automotive key 170. Generation of the seed value by the ECU 150 for generating the one or more random numbers will be explained with reference to FIGS. 2 to 5.
[026] FIG. 2 illustrates the ECU 150 for determining a seed value for generating random numbers for authenticating automotive keys associated with automobiles, in accordance with an embodiment of the present disclosure. In an embodiment, the ECU 150 is an example of the vehicle ECU as shown and explained with reference to FIG. 1. In another embodiment, the ECU 150 is a standalone control unit embodied within a computing device capable of generating authentication keys for pairing the ECU 150 with the automotive key 170. For example, the ECU 150 may be a centralized or distributed server configured to generate the authenticating keys to pair vehicle ECUs with automotive keys during EoL testing.
[027] The ECU 150 is depicted to include a processor 202, a memory 204, an Input/Output module 206, a communication interface 208 and an Analog to Digital Converter (ADC) 210. It shall be noted that, in some embodiments, the ECU 150 may include more or fewer components than those depicted herein. The various components of the ECU 150 may be implemented using hardware, software, firmware or any combinations thereof. Further, the various components of the ECU 150 may be operably coupled with each other. More specifically, various components of the ECU 150 may be capable of communicating with each other using communication channel media (such as buses, interconnects, etc.). It is also noted that one or more components of the ECU 150 may be implemented in a single server or a plurality of servers, which are remotely placed from each other.
[028] In one embodiment, the processor 202 may be embodied as a multi-core processor, a single core processor, or a combination of one or more multi-core processors and one or more single core processors. For example, the processor 202 may be embodied as one or more of various processing devices, such as a coprocessor, a microprocessor, a controller, a digital signal processor (DSP), a processing circuitry with or without an accompanying DSP, or various other processing devices including, a microcontroller unit (MCU), a hardware accelerator, a special-purpose computer chip, or the like. The processor 202 includes a control module 212, a seed generator module 214 and the random number generator module 130 which are explained in detail later.
[029] In one embodiment, the memory 204 is capable of storing machine executable instructions, referred to herein as instructions 205. As such, the processor 202 is capable of executing the instructions 205 stored in the memory 204 to perform one or more operations described herein. The memory 204 can be any type of storage accessible to the processor 202 to perform respective functionalities, as will be explained in detail with reference to FIGS. 2 to 5. For example, the memory 204 may include one or more volatile or non-volatile memories, or a combination thereof. For example, the memory 204 may be embodied as semiconductor memories, such as flash memory, mask ROM, PROM (programmable ROM), EPROM (erasable PROM), RAM (random access memory), etc. and the like.
[030] In an embodiment, the processor 202 is configured to execute the instructions 205 for: (1) determining a time interval between a conversion start time and a conversion end time for converting each analog signal of a plurality of analog signals to corresponding digital signals from timing information (i.e., start of conversion and end of conversion of the analog signal), (2) scaling each interval associated with the analog signal of the plurality of analog signals to the corresponding digital signal based on a scaling factor, and (3) determining a seed value based on at least one conversion time interval from the plurality of conversion time intervals scaled with scaling factor. The processor 202 may be further configured to write the authentication keys into the automotive key 170 for facilitate pairing of the automotive key 170 with the ECU 150 of the vehicle 110.
[031] In an embodiment, the I/O module 206 may include mechanisms configured to receive inputs from and provide outputs to peripheral devices such as, the automotive key 170 for authentication (i.e., facilitating keyless access of the vehicle 110) and/or an operator of the ECU 150. The term ‘operator of the ECU 150’ as used herein may refer to one or more individuals, whether directly or indirectly, associated with managing the ECU 150. To enable reception of inputs and provide outputs to the ECU 150, the I/O module 206 may include at least one input interface and/or at least one output interface. Examples of the input interface may include, but are not limited to, a keyboard, a mouse, a joystick, a keypad, a touch screen, soft keys, a microphone, and the like. Examples of the output interface may include, but are not limited to, a display such as a light emitting diode display, a thin-film transistor (TFT) display, a liquid crystal display, an active-matrix organic light-emitting diode (AMOLED) display, a microphone, a speaker, a ringer, and the like.
[032] In an embodiment, the communication interface 208 may include mechanisms configured to communicate with other entities in the environment 100. For example, the communication interface 208 is configured to communicate with a centralized server that performs EoL testing of all automobiles in the manufacturing facility. As such, the communication interface 208 of the ECU 150 is configured to receive a request for generating at least one authentication key during EoL testing from the centralized server. The request is processed by the ECU 150 to generate the one or more random numbers. In an example, each random number may correspond to an authentication key which may be used for pairing the ECU 150 of the vehicle 110 with the automotive key 170 for facilitating access to the vehicle 110.
[033] In an embodiment, the ADC 210 is configured to convert analog signals to a digital form for processing by the processor 202. In general, the ADC 210 is a data converter which allows digital circuits such as, the processor 202, to interface with the real-world by encoding analog signals into a binary code. Every ADC such as, the ADC 210 requires a certain amount of time, also termed as, conversion time interval, to covert an analog signal to a digital signal. Typically, the ADC 210 is characterized by conversion time intervals between a minimum conversion time interval of 3 µs to a maximum conversion time interval of 39 µs, corresponding to a particular brand of microcontroller. This range of conversion time interval is due to piece to piece variations in devices during the manufacturing process and is also referred to herein as ‘manufacturing tolerances’. As such, manufacturing tolerances are due to inherent differences or variations in manufacturing electrical components such as, the ADC 210 or more specifically, components of the ADC 210. Various embodiments of the present disclosure exploit the manufacturing tolerance of the ADC 210 to generate the seed value as will be explained hereinafter.
[034] The ECU 150 is depicted to be in operative communication with a database 220. In one embodiment, the database 220 is configured to store one or more pseudo random number generation algorithms to generate a random sequence of the one or more random numbers. More specifically, each algorithm may include one or more mathematical equations or functions to generate the one or more random numbers. Further, the database 220 may also store a plurality of predefined rules for determining the seed value. These predefined rules are basically selection criterion for selecting a seed value based on the plurality of conversion time intervals. In an example, the predefined rule may indicate selection of minimum conversion time interval Tmin as the seed value. In another example, the predefined rule may indicate selection of conversion time intervals within a range, for example, between 10 µs to 35 µs, from the plurality of conversion time intervals and perform an average to determine the seed value. It shall be noted that the predefined rules described above are for exemplary purposes and any number of predefined rules may be stored in the database 220 and selected by the operator of the ECU 150 for determining the seed value.
[035] The database 220 may include multiple storage units such as hard disks and/or solid-state disks in a redundant array of inexpensive disks (RAID) configuration. In some embodiments, the database 220 may include a storage area network (SAN) and/or a network attached storage (NAS) system. In one embodiment, the database 220 may correspond to a distributed storage system, wherein individual databases are configured to store custom information, such as, random number generation policies, list of automotive keys paired with the ECU 150, historical data of generated random numbers, historical data of seed values, specification of components such as, processor, ADC, etc.
[036] In some embodiments, the database 220 is integrated within the ECU 150. For example, the ECU 150 may include one or more hard disk drives as the database 220. In other embodiments, the database 220 is external to the ECU 150 and may be accessed by the ECU 150 using a storage interface (not shown in FIG. 2). The storage interface is any component capable of providing the processor 202 with access to the database 220. The storage interface may include, for example, an Advanced Technology Attachment (ATA) adapter, a Serial ATA (SATA) adapter, a Small Computer System Interface (SCSI) adapter, a RAID controller, a SAN adapter, a network adapter, and/or any component providing the processor 202 with access to the database 220.
[037] As already explained, the communication interface 208 is configured to receive the request from the centralized server for generating the at least one authentication key. The communication interface 208 forwards the request to the processor 202. The modules of the processor 202 in conjunction with the instructions 205 in the memory 204 are configured to process the request for determining the seed value and subsequently generating the one or more random numbers which are used as authentications keys for efficiently pairing the ECU 150 and the automotive key 170. The processor 202 is configured to forward the request to the control module 212.
[038] In an embodiment, the control module 212 in conjunction with the instructions 205 stored in the memory 204 is configured to generate a control signal based on the request. The control signal is sent to one or more electrical devices electrically coupled with the ECU 150 for receiving the plurality of analog signals. More specifically, the control signal initiates the generation of the plurality of analog signals that may be used for determining the seed value as will be explained hereinafter. In an example, the control signal may be sent to 5 different sensors S1, S2, S3, S4 and S5, associated with the ECU 150 of the vehicle 110, for example, ambient temperature sensor S1, engine temperature sensor S2, fuel level sensor S3, engine oil pressure sensor S4, and emission level sensor S5.
[039] The sensors S1, S2, S3, S4 and S5 generate the plurality of analog signals A1, A2, A3, A4 and A5, on receiving the control signal. In another embodiment, the control signal may be provided to only one electrical device associated with the ECU 150, for example, engine temperature sensor S2 and the sensor measurements received over a defined time interval, for example, 5 minutes may be segregated to generate the plurality of analog signals A1, A2, A3, A4 and A5. It shall be noted that receiving the analog signals is explained with reference to the one or more sensors, however, the control signal may also be received from other electrical devices electrically coupled to the ECU 150. The plurality of analog signals A1, A2, A3, A4 and A5 are provided to the ADC 210. As already explained, the ADC 210 converts the plurality of analog signals A1, A2, A3, A4 and A5 to a plurality of digital signals D1, D2, D3, D4 and D5.
[040] In an embodiment, timing information related to conversion of the plurality of analog signals to the plurality of digital signals is provided by the ADC 210 of the ECU 150. More specifically, the timing information includes a conversion start time, a conversion end time, a sampling rate, and the like in relation to conversion of each analog signal of the plurality of analog signals A1, A2, A3, A4 and A5 to corresponding digital signals D1, D2, D3, D4 and D5. The timing information is provided to the seed generator module 214.
[041] The seed generator module 214 in conjunction with the instructions 205 stored in the memory 204 is configured to determine the plurality of conversion time intervals based on the timing information. The conversion time interval corresponds to time taken for the ADC to convert an analog signal of the plurality of analog signals to corresponding digital signal. In an example, the seed generator module 214 determines time intervals (t1, t2, t3, t4, t5) based on the conversion start time (ts1, ts2, ts3, ts4, ts5) and the conversion end time (te1, te2, te3, te4, te5) in relation to conversion of each analog signal of the plurality of analog signals A1, A2, A3, A4 and A5 to the plurality of digital signals D1, D2, D3, D4 and D5. As such, the time interval t1 for converting the analog signal A1 to the digital representation D1 is given by te1 - ts1. Accordingly, the plurality of time intervals t1, t2, t3, t4, t5 are determined from the timing information.
[042] In an embodiment, the seed generator module 214 is configured to scale each time interval of the plurality of time intervals t1, t2, t3, t4, t5 associated with the conversion of each analog signal of the plurality of analog signals to the corresponding digital signal based on a scaling factor. The scaling factor ‘n’ may be any integer used to normalize the time intervals to generate the plurality of conversion time intervals T1, T2, T3, T4, T5. In an example, a number ‘n’ of analog signals converted to digital signals may be used as the scaling factor to determine the plurality of conversion time intervals T1, T2, T3, T4, T5. For example, if the analog signal A2 is converted to the digital signal D2 in 25 µs and if the scaling factor is ‘10’, then then conversion time interval T2 = t2 * n (i.e., 25 µs * 10). In another example, the scaling factor ‘n’ is a positive integer value, for example, 50. It shall be noted that the operator of the ECU 150 may configure the seed generator module 214 with an appropriate scaling factor or may select a range of scaling factors, for example, randomly select a scaling factor ‘n’ from 20-100, for normalizing the time intervals t1, t2, t3, t4, t5 and generating the plurality of conversion time intervals T1, T2, T3, T4, T5.
[043] The seed generator module 214 in conjunction with the instructions 205 stored in the memory 204 is configured to determine a seed value ‘Se’ based on at least one conversion time interval from the plurality of conversion time intervals T1, T2, T3, T4, T5. In an embodiment, the seed value is determined as one of: a maximum value of the conversion time interval from among the plurality of conversion time intervals, a minimum value of the conversion time interval from among the plurality of conversion time intervals, or any other statistical value determined from the plurality of conversion time intervals. The term ‘statistical value’ as used herein refers to the seed value that may be determined by any mathematical manipulation of one or more conversion time intervals of the plurality of conversion time intervals to generate the seed value. In an example, the minimum value of the conversion time interval may be selected as the seed value Se from among the plurality of conversion time intervals T1, T2, T3, T4, T5. For example, if the plurality of conversion time intervals T1, T2, T3, T4, T5 are 20 µs, 30 µs, 6 µs, 12 µs, and 7 µs respectively, then the minimum value of the conversion time interval T3 may be selected as the seed value Se i.e., 6 µs. In another example, the average of 2 maximum values of conversion time intervals is determined as the seed value Se. For example, the conversion time intervals T1, T2 correspond to maximum values of conversion time intervals among the plurality of conversion time intervals T1, T2, T3, T4, T5. As such, average of the conversion time intervals T1, T2 (i.e., 20 µs, 30 µs) is 25 is determined as the seed value. The selection of the seed value may be based on the plurality of predefined rules stored in the database 220. It shall be noted that the operator of the ECU 150 may select different predefined rules for different time instances to ensure randomness in determining the seed value.
[044] The seed generation module 214 is configured to provide the seed value Se to the random number generation module 130 of the processor 202. The seed value Se is used as an initial value for generating the one or more random numbers. In an embodiment, each random number of the one or more random numbers facilitates authentication of an automotive key with an automobile such as, the automotive key 170 with the vehicle 110. In other words, a random number of the one or more random numbers may be used as an authentication key and programmed into the transponder 175 of the automotive key 170. During EoL testing, the ECU 150 and the automotive key 170 are paired together to facilitate access after authentication of the authentication key. Various signal exchanges between components of the ECU 150 and the vehicle 110 is explained next with reference to FIG. 3.
[045] FIG. 3 illustrates a sequence flow diagram depicting interaction between various entities in the environment 100 for determining seed value for generating random numbers for authenticating automotive key, in accordance with an embodiment of the present disclosure.
[046] At 306, a request is sent from an edge device 302 managing EoL automation in a vehicle manufacturing facility to the ECU 150 of the vehicle 110. The request is received for generating authentication keys to pair the ECU 150 of the vehicle 110 with the automotive key 170.
[047] At 308, the processor 202 generates a control signal for the one or more sensors 304. The control signal initiates reception of sensor measurement from the one or more sensors 304. In general, the sensor measurements from the one or more sensors 304 are analog signals. It shall be noted that the plurality of analog signals may be received from other external devices electrically coupled to the ECU 150.
[048] At 310, the ADC 210 receives a plurality of analog signals from the one or more sensors 304. The plurality of analog signals corresponds to sensor measurements performed by the one or more sensors 304. At 312, the ADC 210 converts the plurality of analog signal to corresponding plurality of digital signals. The timing information associated with converting each analog signal to a corresponding digital signal is monitored. The timing information includes at least: a conversion start time, a conversion end time, and a sampling rate associated with conversion of each analog signal of the plurality of analog signals.
[049] At 314, the ADC 210 sends timing information related to the conversion of the plurality of analog signals to the plurality of digital signals to the processor 202 of the ECU 150.
[050] At 316, the processor 202 determines the plurality of conversion time intervals based on the timing information. As already explained, a time interval between a conversion start time and a conversion end time for converting each analog signal of the plurality of analog signals to corresponding digital signals is determined from the timing information. Thereafter, the plurality of time intervals is scaled by a scaling factor, for example, an integer value, to normalize the plurality of time intervals and generating the plurality of conversion time intervals.
[051] At 318, the processor 202 determines a seed value based on the plurality of conversion time intervals. In an embodiment, the seed value is determined as one of: a maximum value of the conversion time interval from among the plurality of conversion time intervals, a minimum value of the conversion time interval from among the plurality of conversion time intervals, or any other statistical value determined from the plurality of conversion time intervals. In an example, a mean of the plurality of conversion time intervals is determined as the seed value. In another example, a mean of a maximum value of conversion time interval and a minimum value of the conversion time interval from among the plurality of conversion time intervals is determined as the seed value. In general, the seed value is determined based on the predefined rule.
[052] At 320, the processor 202 generates the one or more random numbers based on the seed value. More specifically, one or more random number generation algorithms may use the seed value to initialize the algorithm and generate the one or more random numbers. A method for determining the seed value from the plurality of conversion time intervals is explained next with reference to FIG. 4.
[053] FIG. 4 is a flowchart illustrating a method 400 for generating random numbers for authenticating automotive keys associated with automobiles, in accordance with an embodiment of the present disclosure. The method 400 depicted in the flow diagram may be executed by, for example, the ECU 150 shown and explained with reference to FIGS. 2-4. Operations of the flow diagram, and combinations of operation in the flow diagram, may be implemented by, for example, hardware, firmware, a processor, circuitry and/or a different device associated with the execution of software that includes one or more computer program instructions. The operations of the method 400 are described herein with help of the ECU 150. It is noted that the operations of the method 400 can be described and/or practiced by using one or more processors of a system/device other than the ECU 150. The method 400 starts at operation 402.
[054] At operation 402 of the method 400, timing information related to conversion of a plurality of analog signals to a plurality of digital signals is received from an Analog to Digital Converter (ADC) 210 by a processor 202 of an ECU such as, the ECU 150 shown and explained with reference to FIGS. 1-3. The timing information comprises at least: a conversion start time, a conversion end time, and a sampling rate for the plurality of analog signals. It shall be noted that the ADC 210 is also part of the ECU 150 as depicted in FIG. 2. The sampling rate may be defined in the datasheet of the ADC, while the conversion start time and the conversion end time may be recorded by the ADC and provide the information to the processor 202.
[055] At operation 404 of the method 400, the plurality of conversion time intervals is determined based on the timing information. Each conversion time interval of the plurality of conversion time intervals corresponds to time taken for the ADC to convert an analog signal of the plurality of analog signals to corresponding digital signal. As already explained, a time interval between a conversion start time and a conversion end time for converting each analog signal of the plurality of analog signals to corresponding digital signals is determined from the timing information (i.e., the conversion start time of the analog signal and the conversion end time of the analog signal). The plurality of time intervals is scaled using a scaling factor to generate the plurality of conversion time intervals. Typically, an ADC has a range of conversion time interval (for example, 3 µs to 39 µs). However, based on the analog signal input to the ADC, the conversion time interval may vary between the range. Hence, the uncertainty in the conversion time interval for a given input analog signal acts as the seed value for generating the random number.
[056] At operation 406 of the method 400, the seed value is determined based on at least one conversion time interval from the plurality of conversion time intervals. In an embodiment, the seed value is determined as one of: a maximum value of the conversion time interval from among the plurality of conversion time intervals, a minimum value of the conversion time interval from among the plurality of conversion time intervals, or any other statistical value determined from the plurality of conversion time intervals. More specifically, the seed value is determined from the plurality of conversion time intervals based on the plurality of predefined rules as explained with reference to FIGS. 2 and 3. The seed value is used by a random number generator module of the processor for generating one or more random numbers. Each random number of the one or more random numbers facilitates authentication of an automotive key with an automobile at the EoL testing.
[057] The sequence of operations of the method 400 need not be necessarily executed in the same order as they are presented. Further, one or more operations may be grouped together and performed in form of a single step, or one operation may have several sub-steps that may be performed in parallel or in sequential manner.
[058] The disclosed method with reference to FIG. 4, or one or more operations of the flow diagram 400 may be implemented using software including computer-executable instructions stored on one or more computer-readable media (e.g., non-transitory computer-readable media, such as one or more optical media discs, volatile memory components (e.g., DRAM or SRAM), or non-volatile memory or storage components (e.g., hard drives or solid-state non-volatile memory components, such as Flash memory components) and executed on a computer (e.g., any suitable computer, such as a laptop computer, net book, Web book, tablet computing device, smart phone, or other mobile computing device). Such software may be executed, for example, on a single local computer
[059] FIG. 5 shows a block diagram of a general-purpose computer for determining a seed value for generating random numbers for authenticating automotive keys associated with automobiles, in accordance with an embodiment of the present disclosure. The computer system 500 may comprise a central processing unit (“CPU” or “processor”) 502. The processor 502 may comprise at least one data processor. The processor 502 may include specialized processing units such as integrated system (bus) controllers, memory management control units, floating point units, graphics processing units, digital signal processing units, etc. The computer system 500 may be analogous to the ECU 150 (shown in FIG. 2).
[060] The processor 502 may be disposed in communication with one or more input/output (I/O) devices (not shown) via I/O interface 501. The I/O interface 501 may employ communication protocols/methods such as, without limitation, audio, analog, digital, monoaural, RCA, stereo, IEEE-1394, serial bus, universal serial bus (USB), infrared, PS/2, BNC, coaxial, component, composite, digital visual interface (DVI), high-definition multimedia interface (HDMI), Radio Frequency (RF) antennas, S-Video, VGA, IEEE 802.n /b/g/n/x, Bluetooth, cellular (e.g., code-division multiple access (CDMA), high-speed packet access (HSPA+), global system for mobile communications (GSM), long-term evolution (LTE), WiMax, or the like), etc.
[061] Using the I/O interface 501, the computer system 500 may communicate with one or more I/O devices. For example, the input device 510 may be an antenna, keyboard, mouse, joystick, (infrared) remote control, camera, card reader, fax machine, dongle, biometric reader, microphone, touch screen, touchpad, trackball, stylus, scanner, storage device, transceiver, video device/source, etc. The output device 511 may be a printer, fax machine, video display (e.g., cathode ray tube (CRT), liquid crystal display (LCD), light-emitting diode (LED), plasma, Plasma display panel (PDP), Organic light-emitting diode display (OLED) or the like), audio speaker, etc.
[062] In some embodiments, the computer system 500 is connected to the remote devices 512 through a communication network 509. The remote devices 512 may be peripheral devices providing the plurality of analog signals, for example, one or more sensors. The processor 502 may be disposed in communication with the communication network 509 via a network interface 503. The network interface 503 may communicate with the communication network 509. The network interface 503 may employ connection protocols including, without limitation, direct connect, Ethernet (e.g., twisted pair 10/100/1000 Base T), transmission control protocol/internet protocol (TCP/IP), token ring, IEEE 802.11a/b/g/n/x, etc. The communication network 509 may include, without limitation, a direct interconnection, local area network (LAN), wide area network (WAN), wireless network (e.g., using Wireless Application Protocol), the Internet, etc. Using the network interface 503 and the communication network 509, the computer system 500 may communicate with the remote devices 512. The network interface 503 may employ connection protocols include, but not limited to, direct connect, Ethernet (e.g., twisted pair 10/100/1000 Base T), transmission control protocol/internet protocol (TCP/IP), token ring, IEEE 802.11a/b/g/n/x, etc.
[063] The communication network 509 includes, but is not limited to, a direct interconnection, an e-commerce network, a peer to peer (P2P) network, local area network (LAN), wide area network (WAN), wireless network (e.g., using Wireless Application Protocol), the Internet, Wi-Fi, 3GPP and such. The first network and the second network may either be a dedicated network or a shared network, which represents an association of the different types of networks that use a variety of protocols, for example, Hypertext Transfer Protocol (HTTP), Transmission Control Protocol/Internet Protocol (TCP/IP), Wireless Application Protocol (WAP), etc., to communicate with each other. Further, the first network and the second network may include a variety of network devices, including routers, bridges, servers, computing devices, storage devices, etc.
[064] In some embodiments, the processor 502 may be disposed in communication with a memory 505 (e.g., RAM, ROM, etc. not shown in FIG. 5) via a storage interface 504. The storage interface 504 may connect to memory 505 including, without limitation, memory drives, removable disc drives, etc., employing connection protocols such as serial advanced technology attachment (SATA), Integrated Drive Electronics (IDE), IEEE-1394, Universal Serial Bus (USB), fiber channel, Small Computer Systems Interface (SCSI), etc. The memory drives may further include a drum, magnetic disc drive, magneto-optical drive, optical drive, Redundant Array of Independent Discs (RAID), solid-state memory devices, solid-state drives, etc.
[065] The memory 505 may store a collection of program or database components, including, without limitation, user interface 506, an operating system 507, web server 508, etc. In some embodiments, computer system 500 may store user/application data, such as, the data, variables, records, etc., as described in this disclosure. Such databases may be implemented as fault-tolerant, relational, scalable, secure databases such as Oracle ® or Sybase®.
[066] The operating system 507 may facilitate resource management and operation of the computer system 500. Examples of operating systems include, without limitation, APPLE MACINTOSH® OS X, UNIX®, UNIX-like system distributions (e.g., BERKELEY SOFTWARE DISTRIBUTION™ (BSD), FREEBSD™, NETBSD™, OPENBSD™, etc.), LINUX DISTRIBUTIONS™ (e.g., RED HAT™, UBUNTU™, KUBUNTU™, etc.), IBM™ OS/2, MICROSOFT™ WINDOWS™ (XP™, VISTA™/7/8, 10 etc.), APPLE® IOS™, GOOGLE® ANDROID™, BLACKBERRY® OS, or the like.
[067] In some embodiments, the computer system 500 may implement a web browser 508 stored program component. The web browser 508 may be a hypertext viewing application, for example MICROSOFT® INTERNET EXPLORER™, GOOGLE® CHROME™, MOZILLA® FIREFOX™, APPLE® SAFARI™, etc. Secure web browsing may be provided using Secure Hypertext Transport Protocol (HTTPS), Secure Sockets Layer (SSL), Transport Layer Security (TLS), etc. Web browsers 508 may utilize facilities such as AJAX™, DHTML™, ADOBER FLASH™, JAVASCRIPT™, JAVA™, Application Programming Interfaces (APIs), etc. In some embodiments, the computer system 500 may implement a mail server stored program component. The mail server may be an Internet mail server such as Microsoft Exchange, or the like. The mail server may utilize facilities such as ASP™, ACTIVEX™, ANSI™ C++/C#, MICROSOFT®, .NET™, CGI SCRIPTS™, JAVA™, JAVASCRIPT™, PERL™, PHP™, PYTHON™, WEBOBJECTS™, etc. The mail server may utilize communication protocols such as Internet Message Access Protocol (IMAP), Messaging Application Programming Interface (MAPI), MICROSOFT® exchange, Post Office Protocol (POP), Simple Mail Transfer Protocol (SMTP), or the like. In some embodiments, the computer system 500 may implement a mail client stored program component. The mail client may be a mail viewing application, such as APPLE® MAIL™, MICROSOFT® ENTOURAGE™, MICROSOFT® OUTLOOK™, MOZILLA® THUNDERBIRD™, etc.
[068] Furthermore, one or more computer-readable storage media may be utilized in implementing embodiments consistent with the present disclosure. A computer-readable storage medium refers to any type of physical memory on which information or data readable by a processor may be stored. Thus, a computer-readable storage medium may store instructions for execution by one or more processors, including instructions for causing the processor(s) to perform steps or stages consistent with the embodiments described herein. The term “computer-readable medium” should be understood to include tangible items and exclude carrier waves and transient signals, i.e., be non-transitory. Examples include Random Access Memory (RAM), Read-Only Memory (ROM), volatile memory, non-volatile memory, hard drives, CD (Compact Disc) ROMs, DVDs, flash drives, disks, and any other known physical storage media.
[069] Various embodiments of the present disclosure provide numerous advantages. Embodiments of the present disclosure provide a method for determining seed value for generating random numbers for authenticating automotive keys. More specifically, techniques for secure pairing of the automotive key 170 with the ECU 150 of the vehicle 110 during EoL testing ensures the vehicle 110 is not opened using unauthorized means. Moreover, manufacturing tolerances in devices such as, the ADC 210 which are inherent and random in nature acts as an excellent source of randomness to generate the seed value. As the seed value is random, the one or more random numbers generated as authentication keys for pairing the automotive key 170 with the vehicle 110 are also random thereby, ensuring malicious devices from reproducing the authentication key generated. Moreover, in automated production/manufacturing lines of automobile facility, such random determination of seed value from manufacturing tolerances in the ADC 210 avoid any two automobile units/vehicles from possessing the same seed value and thereby preventing multiple ECUs belonging to the same ECU batch generating identical random numbers as authentication keys for pairing corresponding automotive keys with respective vehicles and defeating the security based features for a given batch.
[070] It will be understood by those within the art that, in general, terms used herein, and are generally intended as “open” terms (e.g., the term “including” should be interpreted as “including but not limited to,” the term “having” should be interpreted as “having at least,” the term “includes” should be interpreted as “includes but is not limited to,” etc.). For example, as an aid to understanding, the detail description may contain usage of the introductory phrases “at least one” and “one or more” to introduce recitations. However, the use of such phrases should not be construed to imply that the introduction of a recitation by the indefinite articles “a” or “an” limits any particular part of description containing such introduced recitation to inventions containing only one such recitation, even when the introductory phrases “one or more” or “at least one” and indefinite articles such as “a” or “an” (e.g., “a” and/or “an” should typically be interpreted to mean “at least one” or “one or more”) are included in the recitations; the same holds true for the use of definite articles used to introduce such recitations. In addition, even if a specific part of the introduced description recitation is explicitly recited, those skilled in the art will recognize that such recitation should typically be interpreted to mean at least the recited number (e.g., the bare recitation of “two recitations,” without other modifiers, typically means at least two recitations or two or more recitations).
[071] While various aspects and embodiments have been disclosed herein, other aspects and embodiments will be apparent to those skilled in the art. The various aspects and embodiments disclosed herein are for purposes of illustration and are not intended to be limiting, with the true scope and spirit being indicated by the following detailed description , Claims:We claim:

1. A method for determining a seed value for generating random numbers for authenticating automotive keys associated with automobiles, comprising:
receiving, by a processor (202) of an Electronic Control Unit (ECU) (150), timing information related to conversion of a plurality of analog signals to a plurality of digital signals from an Analog to Digital Converter (ADC) (210) of the ECU (150);
determining, by the processor (202), a plurality of conversion time intervals based on the timing information, wherein each conversion time interval of the plurality of conversion time intervals corresponds to time taken for the ADC (210) to convert an analog signal of the plurality of analog signals to corresponding digital signal; and
determining, by the processor (202), a seed value based on at least one conversion time interval from the plurality of conversion time intervals,
wherein the seed value is used by a random number generator module (130) of the processor (202) for generating one or more random numbers,
wherein each random number of the one or more random numbers facilitates authentication of an automotive key (170) with an automobile (110).

2. The method as claimed in claim 1, wherein the seed value is determined as one of: a maximum value of the conversion time interval from among the plurality of conversion time intervals, a minimum value of the conversion time interval from among the plurality of conversion time intervals, or any other statistical value determined from the plurality of conversion time intervals.

3. The method as claimed in claim 1, wherein determining the plurality of conversion time intervals comprises:
determining, by the processor (202), a time interval between a conversion start time and a conversion end time for converting each analog signal of the plurality of analog signals to corresponding digital signals from the timing information; and
scaling, by the processor (202), each time interval associated with the conversion of the analog signal of the plurality of analog signals to the corresponding digital signal based on a scaling factor to generate the plurality of conversion time intervals.

4. The method as claimed in claim 1, wherein the timing information comprises at least: a conversion start time, a conversion end time, and a sampling rate.

5. An Electronic Control Unit (ECU) (150) for determining a seed value for generating random numbers for authenticating automotive keys associated with automobiles, comprising:
an Analog to Digital Converter (ADC) (210) configured to convert a plurality of analog signals to a plurality of digital signals;
a memory (204) storing executable instructions (205); and
a processor (202) communicably coupled to the ADC (210) and the memory (204), wherein the processor (202) is configured to execute the instructions (205) to:
receive timing information related to the conversion of the plurality of analog signals to the plurality of digital signals;
determine a plurality of conversion time intervals based on the timing information, wherein each conversion time interval of the plurality of conversion time intervals corresponds to time taken for the ADC (210) to convert an analog signal of the plurality of analog signals to corresponding digital signal; and
determine a seed value based on at least one conversion time interval from the plurality of conversion time intervals,
wherein the seed value is used by a random number generator module (130) of the processor (202) for generating one or more random numbers,
wherein each random number of the one or more random numbers facilitates authentication of an automotive key (170) with an automobile (110).

6. The ECU (150) as claimed in claim 5, wherein the seed value is one of: a maximum value of the conversion time interval from among the plurality of conversion time intervals, a minimum value of the conversion time interval from among the plurality of conversion time intervals, or any other statistical value determined from the plurality of conversion time intervals.

7. The ECU (150) as claimed in claim 5, wherein for determining the plurality of conversion time intervals, the ECU (150) is configured to:
determine a time interval between a conversion start time and a conversion end time for converting each analog signal of the plurality of analog signals to corresponding digital signals from the timing information; and
scale each time interval associated with the analog signal of the plurality of analog signals to the corresponding digital signal based on a scaling factor to generate the plurality of conversion time intervals.

8. The ECU (150) as claimed in claim 5, wherein the timing information comprises at least: a conversion start time, a conversion end time, and a sampling rate.