Posted inCardiagtech

Enhanced Security for XENTRY Flash: A Comprehensive Guide for Automotive Professionals

No Comments

As a leading solution for ECU commissioning, programming, and coding, Xentry Flash is now fortified with an enhanced security layer. To ensure the integrity of vehicle systems and data, a mandatory second authentication step has been introduced for every user accessing XENTRY Flash functionalities. This enhanced security protocol, similar to the TAN authentication used in online banking, adds a robust layer of protection to your diagnostic processes.

To complete the second authentication, you will need to utilize one of the following secure methods:

  • Smartphone Authenticator App: Choose a compatible app such as PingID or Microsoft Authenticator for a convenient and secure authentication process.
  • USB Security Key: You have the flexibility to select any USB security key that adheres to the FIDO2 standard. These keys are readily available from reputable electronics retailers or directly from security key manufacturers.

We strongly advise setting up both authentication options immediately. This proactive approach ensures uninterrupted workflow, even if one authentication method becomes temporarily unavailable. Having a backup authentication factor readily accessible will prevent potential delays and keep your workshop operations running smoothly.

To guide you through the setup process, we have prepared a detailed HelpCard available for download, providing step-by-step instructions for configuring your chosen authentication methods.

Resetting Your Second Factor Authentication

In situations where you are unable to authenticate due to a lost or forgotten device, several recovery options are available to regain access to XENTRY Flash:

  1. Utilize an Alternate Second Factor: If you have configured both a smartphone app and a USB security key, simply use the alternate method to authenticate. This provides immediate access and minimizes disruption.

  2. Contact Your Organization Administrator: If you lack an alternative second factor, reach out to your organization administrator. They possess the authority to reset your second factor, enabling you to set up a new authentication method and regain access to XENTRY Flash. You can identify your Org admin through Alice under your profile data by clicking on “Administrators”.

For organization administrators requiring guidance on resetting user’s second factors, detailed instructions are available in this document: Instructions for org admins on how to reset the second factor.

Versatile Applications of XENTRY Flash in Your Workshop

XENTRY Flash is a versatile tool designed to streamline various essential workshop processes across the Mercedes-Benz vehicle range. Whether you are working on Mercedes-Benz Cars (including smart*, Maybach, and SLR) or Mercedes-Benz Vans, XENTRY Flash provides comprehensive support for:

  • ECU Flashing: Efficiently update and program Electronic Control Units (ECUs) to ensure vehicles are running on the latest software versions.
  • SCN/CVN Coding: Perform Software Calibration Number (SCN) coding and Calibration Verification Number (CVN) coding to maintain the correct software configurations and ensure system integrity.
  • Equipment Code Entry: Configure and enter equipment codes to accurately reflect the vehicle’s options and specifications.

For Mercedes-Benz Trucks, XENTRY Flash offers an online parameterization process for control units. This significantly accelerates data availability in the workshop following a control unit replacement, reducing downtime and enhancing efficiency.

All XENTRY Flash processes are seamlessly integrated within the familiar XENTRY Diagnosis and XENTRY DAS software environments. This integration minimizes manual interventions required from your technicians, simplifying workflows and reducing the potential for errors.

Streamlined Processes: Automatic SCN Coding and VeDoc Documentation

Following ECU programming with XENTRY Flash, the system automatically initiates SCN coding (if supported by the control unit) and VeDoc reverse documentation within the VeDoc Vehicle Documentation System. This automated process ensures that any modifications made to the vehicle or its control unit software are accurately and immediately updated on the VeDoc vehicle data card. This real-time documentation is crucial for maintaining accurate vehicle records and facilitating future diagnostics and services.

Single Sign-On for Enhanced Workflow Efficiency

To further optimize your workshop operations, XENTRY Flash incorporates a Single Sign-On (SSO) feature. Once logged into any Mercedes-Benz workshop application, such as XENTRY Flash or WIS, you gain automatic access to other central online systems without requiring repeated logins. This eliminates redundant sign-in procedures, creating a smoother and more efficient workflow. For security purposes, users are automatically logged out of the online systems after one hour of inactivity.

Understanding New Diagnosis User Rights (Effective June 2020)

With the introduction of the E-Class facelift and the new S-Class models, Mercedes-Benz implemented a new security concept that significantly impacts the use of XENTRY Diagnosis software.

As of the June 2020 data release, accessing the new E-Class and S-Class vehicles for diagnosis requires entering a personalized username and password. Diagnosing these models is no longer possible without this authentication. This measure mandates diagnosis access authorization for all users interacting with these newer vehicles. Consequently, repairing and diagnosing these model series with a XENTRY Diagnosis Kit 2 is no longer supported; a XENTRY Diagnosis Kit 3 or later is now the minimum requirement.

Two distinct types of user rights are now in place:

  • XENTRY Standard Diagnosis: This user right is intended for diagnosis users who do not require XENTRY Flash authorization. It permits basic diagnostic functions such as reading and erasing fault memories.
  • XENTRY Flash User: This user right corresponds to the previous XENTRY Flash user authorization, granting access to ECU programming and coding functionalities.

To acquire the necessary user rights, please follow the appropriate option:

  1. XENTRY Flash Authorization: Both XENTRY Flash roles (Standard-Flash role and Extended Flash role for all CeBAS vehicles) can be requested through the UMAS platform. Each user must complete a one-time identification process via UMAS to obtain the Flash roles.

  2. XENTRY Standard Diagnosis Rights: Every diagnosis user needs to independently request Standard Diagnosis rights via https://umas.mercedes-benz.com/umas and complete the one-off identification process. In some cases, market-specific ISP support may need to create the user in GEMS if a user ID is not already established.

The Critical Role of Certificate-Based Diagnosis

Modern vehicles are increasingly sophisticated, evolving into “mobile computers.” This technological advancement, while offering numerous benefits, also makes vehicles more vulnerable to cyberattacks and unauthorized access. Growing media attention and evolving UNECE regulations are driving the necessity for enhanced vehicle protection. Mercedes-Benz is proactively implementing robust security measures, including certificate-based diagnosis, to address these challenges.

To safeguard against unauthorized diagnostic access, the latest Mercedes-Benz vehicle software architecture incorporates user-related security certificates. This certificate-based diagnosis system adds a crucial layer of security to protect sensitive vehicle data and systems.

Affected Vehicles: Expanding Certificate-Based Diagnosis

Certificate-based diagnosis was initially introduced in E-Class facelift vehicles (model series W213 facelift) with specific control units. The S-Class W223 marked the full-scale implementation of this security measure. Moving forward, all new Mercedes-Benz model series and facelifts will incorporate certificate-based diagnosis as a standard security feature.

Key Changes to the Diagnosis Procedure

The primary change in the diagnosis procedure involves the requirement of a manufacturer-provided certificate to enable diagnostic operations. At the beginning of each diagnosis session, a secure certificate exchange occurs between the diagnostic tester and the vehicle. This certificate exchange process is managed seamlessly within the tester application, operating in the background without requiring manual intervention.

Obtaining Your Certificate: Guidance for Independent Workshops and Tool Manufacturers

The process for obtaining certificates varies depending on your workshop type and diagnostic tools:

Independent Workshops:

  • XENTRY Diagnosis Kit 3 or 4, or XENTRY Pass Thru EU Users: Certificates are provided directly by Mercedes-Benz AG at no additional cost.
  • Independent Manufacturer Diagnosis Tool Users: Certificates are provided by your tool manufacturer, provided they have established a data agreement with Mercedes-Benz AG. Contact your tool manufacturer for specific instructions.

Diagnosis Tool Manufacturers: (Please refer to Mercedes-Benz AG partnership documentation for certificate integration procedures.)

Technical Inspection Agencies or Official Bureaus: (Specific certificate acquisition processes are in place; please consult your Mercedes-Benz AG contact for details.)

Cost Considerations for Certificate Implementation

Mercedes-Benz AG provides the necessary certificates to all authorized customers free of charge. This commitment ensures that enhanced security measures do not impose additional financial burdens on workshops and service providers.

Data Requirements for Access Authorization

The specific data required for access authorization depends on the level of access needed:

  • Read Access Authorizations: These are organization-bound and must be issued for an organization or service operation.
  • Write Access Authorizations: These are personalized and require prior personal authentication, either through Mercedes-Benz AG or your independent tool manufacturer, ensuring a higher level of security for critical functions like XENTRY Flash.

OBD-II Access and Certificate-Protected Functions

Standard OBD-II functions (SAE J1979) remain accessible without any restrictions or certificate requirements. These basic diagnostic functions ensure continued access to essential vehicle data. However, all advanced diagnostic functions beyond OBD-II now necessitate diagnosis certificates. The type of certificate required (organization-bound or personal) depends on the specific access authorization level.

XENTRY Flash Support and Assistance Resources

For any inquiries or assistance related to XENTRY Flash, a dedicated support section is available within the XENTRY Diagnosis software. You can navigate to the “Need help?” section and select the most relevant category to find answers to frequently asked questions. If you cannot find the information you need in the FAQs, you can easily open a support ticket at the bottom of the page for personalized assistance: Support Ticket.

* except smart model #1

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *