Sample-Mercedes-Benz-TRP-form
Sample-Mercedes-Benz-TRP-form
Posted inCardiagtech

Understanding XENTRY Ping ID: Enhancing Security for Mercedes-Benz Diagnostics and Theft-Relevant Parts

No Comments

As a content creator for xentryportal.store and an expert in automotive repair, I’m here to break down the essential changes in Mercedes-Benz service processes. This article will delve into the critical procedures you need to know, focusing on Xentry Ping Id, a key component of the account verification system, and its role alongside the Theft Relevant Part (TRP) policy. We aim to provide a comprehensive guide that surpasses the original article in detail and SEO optimization, specifically targeting an English-speaking audience interested in Mercedes-Benz diagnostics and security.

Navigating the Evolving Landscape of Mercedes-Benz Security

Servicing modern Mercedes-Benz vehicles now involves navigating sophisticated security protocols. Independent repair shops and technicians often face complexities when dealing with part replacements and electronic system programming. Many in the field express frustration with the added steps required for seemingly simple tasks. However, understanding the reasons behind these measures is crucial. Vehicle theft is a significant issue, impacting both manufacturers and customers. Data from the National Insurance Crime Bureau (NICB) reveals alarming statistics, with over a million vehicles stolen in 2022 alone. This translates to nearly two vehicles stolen every minute! Personal experiences, like the theft of a relative’s car due to publicized vulnerabilities, highlight the urgent need for robust vehicle security measures. Automakers are compelled to prioritize vehicle security to protect their customers and brand integrity.

The automotive industry’s focus on security isn’t new. The Motor Vehicle Theft Law Enforcement Act of 1984 laid the groundwork by requiring Vehicle Identification Numbers (VINs) on major parts to combat “chop shops” dealing in stolen vehicles. This was just the beginning of evolving vehicle security policies.

Mercedes-Benz has consistently been proactive in vehicle security. Their Theft-Relevant Parts (TRP) program, initiated in 2008, was a pioneering effort to grant independent technicians access to security-critical parts. To ensure consistent implementation across their network and broaden aftermarket access to TRPs, Mercedes-Benz USA (MBUSA) significantly revised its TRP Policy in January 2015. A cornerstone of the TRP program is the requirement for technicians to be registered with the NASTF Vehicle Security Professional (VSP) Registry. This registry, utilizing the OEM-NASTF-National Insurance Crime Bureau (NICB) Secure Data Release Model (SDRM), facilitates secure access to OEM security products for locksmiths and technicians. For in-depth information, refer to the NASTF and VSP Registry article (bit.ly/NASTFVSP) from the June 2021 issue of StarTuned (bit.ly/mbst202106).

Understanding Theft-Relevant Parts (TRPs) and Information (TRI)

So, what exactly constitutes a Theft Relevant Part (TRP)? TRPs are components that could be exploited to steal a vehicle or to fraudulently alter its identity. This includes parts like keys and control units. The current Mercedes-Benz TRP policy covers a comprehensive list of components:

  • Electronic vehicle key
  • Electronic steering lock (ELV, ESL, ESCL)
  • Electronic ignition switch (EZS/EIS) and workshop key for personalization
  • Electronic ignition switch with integrated central gateway (EZS/ZGW, EIS/CGW)
  • Electronic selector lever module (EWM/ESM)
  • Vehicle-related plates, identification plate, production plate, visible VIN plate, including base material
  • Transmission control unit (VGS, TCM)
  • Direct shift module (DSM, ISM)
  • Bodies and body sections/parts for placement of the vehicle identification number
  • Engine control unit (MSG, MCM)
  • Power electronics for electric drive with DAS (TUBE)
  • Hybrid and e-drive control unit (EMx, ME2)
  • Belt-driven or integrated starter-alternator (RSG, ISG) for DAS4
  • Locking sets and mechanical keys

Beyond physical parts, the policy also addresses Theft Relevant Information (TRI). TRI encompasses data crucial for vehicle security and identity, such as:

  • Locking data record
  • Initialization data
  • Personalization data
  • Disable/enable information

The Importance of Record Keeping in TRP Procedures

Meticulous record-keeping is a vital aspect of the TRP policy. While primarily the responsibility of the parts dealer, it also necessitates diligence from repair facilities to maintain accurate documentation.

Dealers are mandated to verify the necessary documentation before fulfilling orders for TRPs. This is a critical safeguard to protect vehicle security and mitigate liability. Non-compliance can lead to severe legal ramifications for technicians, shops, and dealerships in cases of theft or fraud. Therefore, strict adherence to the documentation process is paramount.

Only vehicle owners, their authorized representatives (like independent service providers or ISPs), or authorized Mercedes-Benz or Freightliner dealerships undertaking vehicle repairs are permitted to order Theft-Relevant Parts.

Navigating TRP Orders as an Independent Service Provider (ISP)

If you’ve previously ordered keys for Mercedes-Benz vehicles, you might be familiar with some of these steps. For those new to the process, here’s a breakdown:

First, registration as a Vehicle Security Professional (VSP) on the NASTF website is essential. Detailed information about the SDRM registry and VSP registration is available at nastf.org under “Vehicle Security Professional.” VSP registration is a worthwhile investment for shops regularly servicing Mercedes-Benz vehicles, as it grants access to TRPs for numerous manufacturers.

When a VSP places a TRP order, specific documentation must be presented to the dealer. The dealer will retain the originals or copies for their records:

  • TRP Authorization: This is an email authorization received by the dealer after a request is submitted through the SDRM Registry using the Mercedes-Benz Theft-Relevant Part D-1 order form, accessible at sdrm.nastfsecurityregistry.org.
  • VSP Authorization: The VSP Registry Positive ID Authorization Form D-1. Transfer owner details from the D-1 form to a TRP form and provide a copy to the dealer. This serves as both an authorization letter and owner identification.


A sample Mercedes-Benz TRP form illustrating the required documentation for ordering theft-relevant parts.

You can download a copy of the TRP form at bit.ly/mbtrpi. It’s also advisable to obtain customer authorization in writing, confirming your shop’s authorization to repair their vehicle. Having these forms prepared in advance can streamline the process when TRPs are required.

  • Proof of ownership: A copy of the vehicle registration, title, or any official ownership document acceptable to a Department of Motor Vehicles for title issuance.
  • VSP Proof of identity: Original or photocopy of the VSP’s government-issued photo driver’s license or passport.
  • Repair Order: A valid repair order from the VSP’s business, clearly stating the customer’s name and address, VIN, and TRP part number(s).

Proactive preparation is key. Conduct TRP policy briefings for your staff and create a dedicated folder for TRP-related jobs to ensure efficient handling of these procedures. The TRP form, examples, and the complete policy details are available at bit.ly/mbtrpi.

Specific Requirements for Ordering Keys

For Vehicle Security Professionals (VSPs) participating in the NASTF Secure Data Release Model (SDRM) Registry, purchasing pre-programmed or pre-cut keys involves additional documentation:

  • All documentation outlined in the general TRP policy is mandatory.
  • A supplementary key certification form (found on the STAR Tekinfo website) must be completed and presented to the dealer. The original form is retained by the dealer with the other TRP documentation.


Page one of the key certification form, required in addition to TRP documentation when ordering Mercedes-Benz keys.

  • Keys can be securely shipped to a VSP.
  • Blank or unprogrammed keys are strictly prohibited from sale.
  • DAS 4 keys require an active XENTRY Diagnosis subscription for the VSP to register the vehicle as ‘present.’ Whether programmed by a dealer or ordered from the MBUSA Parts depot, DAS4 key programming necessitates confirmation from DAS4 servers in Europe that the ‘vehicle is present,’ communicated via XENTRY. Without a XENTRY subscription, ordering new DAS4 keys is not possible, requiring customers to visit a dealer or an ISP with XENTRY access.

Considering acquiring a XENTRY Diagnosis system? Purchase details are available on the STAR TekInfo website under Mercedes-Benz Workshop Resources. The June 2017 issue of StarTuned (bit.ly/mbst201706) and the article explaining the advantages of XENTRY Diagnosis systems (bit.ly/needXENTRY) provide further insights.

  • For DAS 4 keys when no keys are present, the process becomes more complex. Ignition must be switched on to register the vehicle as ‘present.’ The VSP must perform vehicle and VIN referencing at the vehicle and submit all TRP documentation to the authorized Mercedes-Benz dealer before submitting the key certification form. The dealer then completes a form certifying vehicle presence. Consult your local dealer for details on this ‘fallback’ process, which is not a substitute for a XENTRY subscription.

The core principle behind these key-related policies is to prevent unauthorized key orders that could facilitate vehicle theft. Historically, before stringent TRP enforcement, key-related theft was more prevalent. A significant case involved a Mercedes-Benz dealer facing substantial liability due to lapses in TRP policy adherence, highlighting the critical importance of compliance.

Multi-Factor Identification and XENTRY Ping ID for Secure Diagnostics

Moving to the second crucial aspect of security: identity and account verification for preventing unauthorized control unit programming. Before initiating commissioning, programming, or coding of any control units using XENTRY Flash, authentication within XENTRY Diagnosis using a second factor is mandatory. In addition to your standard C7 User ID and password, an authentication app, specifically XENTRY Ping ID, on your smartphone is required.

The fundamental concept is to enhance security by preventing unauthorized access to critical programming functions. While anyone can create an account and obtain a GEMS (C7) username, gaining “XENTRY Standard Diagnosis” rights, and even “Flash” rights for programming, requires robust identity verification. The initial business account registrant gains administrative rights, including the ability to assign roles to employees. (C7 ID acquisition is detailed in the “STAR TekInfo” article mentioned earlier). Standard Diagnosis rights, allowing access to most XENTRY Diagnosis functions except flashing, are attainable by completing the IDNow process. Requesting Flash rights, necessary for coding and programming, is a separate step initiated with MBUSA after obtaining a XENTRY Diagnosis system and Standard Diagnosis rights. This process typically takes a few days.

The IDNow process, required for both Standard Diagnosis and Flash rights, is user-friendly and guided by the website. MBUSA also provides comprehensive instructions. Generally, it involves submitting identification documents, such as a driver’s license, and taking a few selfies for identity verification.


The UMAS Admin screen illustrating the account administration features for managing user roles and access rights within the Mercedes-Benz system.

Upon successfully assigning yourself the Standard Diagnosis role, you can proceed to request Flash rights from MBUSA, following their detailed instructions. Processing Flash rights assignments usually takes a few days.

Once Flash rights are granted, initiating a XENTRY Flash operation will automatically trigger the authentication process. The first attempt will guide you to set up the Mercedes-Benz recommended PingID app. This setup process is crucial for secure access and requires careful attention.

Setting Up and Using XENTRY Ping ID

XENTRY Ping ID is the designated authentication app for Mercedes-Benz XENTRY Diagnosis. Here’s a step-by-step guide to setting it up:

  1. Install PingID: Download the PingID app from either the Apple App Store or Google Play Store onto your smartphone.
  2. Initial App Setup: Launch the PingID app and accept the terms and conditions, ensuring you grant camera access when prompted.
  3. QR Code Scan: On your XENTRY screen, a QR code will be displayed. Use the PingID app on your phone to scan this QR code. After scanning, click “Next” on the XENTRY screen.
  4. Authentication Code: The PingID app will generate a unique authentication code. Enter this code into the designated field on the XENTRY screen and click “Verify.”
  5. Account Setup: Select “Start Setup” in the PingID app and add your account by tapping the “+” icon. Follow the on-screen prompts to complete account setup.
  6. Access Granted: Once setup is complete, you will be automatically redirected to the two-factor protected XENTRY application and can begin using it for Flash operations.

The initial login for XENTRY Flash will prompt you to choose between a security key or the smartphone authentication app. Selecting the smartphone app (XENTRY Ping ID) is the recommended and more convenient option for most users, unless a smartphone is not available. For users who require a security key, contact MBUSA for details on obtaining and using this alternative authentication method.

Subsequent logins for XENTRY Diagnosis will proceed as usual. When Flash operations or other security-sensitive functions are initiated, XENTRY Diagnosis will prompt you to authenticate using your second factor via XENTRY Ping ID. The app will generate a time-sensitive verification code, typically valid for about 30 seconds. Enter this code promptly when prompted to complete the authentication process and proceed with the programming procedure. This process securely stores your second-factor authentication for future sessions.

Examples of the one-time passcode and verification notifications displayed in the PingID app during the XENTRY authentication process.

Conclusion: Adapting to Enhanced Security Measures

The automotive service industry, particularly when dealing with brands like Mercedes-Benz, is continuously evolving with increasingly stringent security measures. Procedures and policies, such as TRP and multi-factor authentication with XENTRY Ping ID, are becoming more prevalent. While these changes may initially seem complex, they are essential for safeguarding vehicle security in an era of increasing technological sophistication and rising vehicle theft.

Staying ahead requires continuous learning and adaptation. Implementing robust internal policies, providing thorough training for technicians and service advisors, and embracing tools like XENTRY Ping ID are crucial steps for ensuring smooth, secure, and compliant service operations. By proactively addressing these evolving security protocols, independent service providers can continue to deliver expert service while upholding the highest standards of vehicle security and customer trust.

Download PDF

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *