Secure Your XENTRY Flash Login: Understanding the New Authentication Process

In the evolving landscape of automotive diagnostics, security is paramount. As a dedicated content creator for xentryportal.store and an expert in automotive repair, I’m here to guide you through critical updates to XENTRY Diagnosis security. This article focuses on a key change: the enhanced security measures for Xentry Flash Login, ensuring your diagnostic processes are both efficient and protected.

Mercedes-Benz has implemented a significant security upgrade for XENTRY Diagnosis, particularly affecting ECU commissioning, programming, and coding (XENTRY Flash). To safeguard against unauthorized access and potential cyber threats, a secondary authentication layer is now mandatory for every user accessing XENTRY Flash functionalities. This enhanced security protocol, similar to the TAN authentication used in online banking, adds a robust layer of protection to your diagnostic operations.

This second authentication factor is essential for anyone utilizing XENTRY Flash. You will need to establish one, or ideally both, of the following authentication methods to ensure seamless and secure access:

  • Smartphone Authenticator App: Utilize an authenticator application on your smartphone. Popular and compatible options include PingID and Microsoft Authenticator. These apps generate time-based one-time passwords (TOTP) that provide a dynamic and secure authentication method.

  • USB Security Key: Alternatively, you can employ a USB security key. The system supports any security key that adheres to the FIDO2 standard. These keys are readily available from electronics retailers or directly from manufacturers, offering a hardware-based security solution.

For optimal security and uninterrupted workflow, we strongly advise setting up both authentication options from the outset. Having both a smartphone app and a USB security key configured provides redundancy. Should you misplace or lose access to one authentication factor, the other will serve as a backup, ensuring you can maintain access to XENTRY Flash and continue your diagnostic work without delay.

To assist you in the straightforward setup process of these authentication factors, Mercedes-Benz has provided a helpful and concise HelpCard. This resource is readily available for download, offering step-by-step guidance.

Resetting Your Second Authentication Factor

Situations may arise where you lose access to your second authentication factor. However, there are clear procedures in place to regain access and continue your work:

  1. Utilize an Alternative Second Factor: If you have configured both authentication methods and have lost access to your smartphone (for example), you can simply use your USB security key to authenticate. This highlights the benefit of setting up both options proactively.

  2. Contact Your Organization Administrator: If you haven’t set up an alternative second factor and are unable to authenticate, your organization administrator is your point of contact. Organization administrators possess the authority to reset your second factor. This reset allows you to then establish a new second authentication method. If you are unsure who your organization administrator is, you can easily find this information within Alice, under your profile data. Navigate to the “Administrators” section to identify your designated administrator.

Comprehensive instructions are also available for organization administrators, detailing the process of resetting the second factor for users. This ensures administrators are well-equipped to handle these situations efficiently.

Versatile Applications of XENTRY Flash in Your Workshop

XENTRY Flash is a versatile tool within XENTRY Diagnosis, supporting a wide range of critical workshop operations across various Mercedes-Benz vehicles. Whether you are working on Mercedes-Benz Cars (including smart*, Maybach, and SLR) or Mercedes-Benz Vans, XENTRY Flash is fully integrated within the diagnostic software (XENTRY Diagnosis, XENTRY DAS). This integration streamlines workflows and minimizes manual interventions required from your technicians for tasks such as:

  • ECU Flashing
  • SCN/CVN Coding
  • Entering Equipment Codes

* Please note that smart model #1 is an exception.

Streamlined Processes: Automatic SCN Coding and VeDoc Reverse Documentation

Efficiency is a key benefit of XENTRY Flash. After control unit programming is completed, the system automates crucial backend processes. SCN coding (where permitted by the control unit) and reverse documentation within the VeDoc Vehicle Documentation System are executed automatically. This ensures that any modifications made to the vehicle or its control unit software are accurately and immediately updated on the VeDoc vehicle data card, maintaining a precise and up-to-date vehicle history.

Enhanced Convenience with Single Sign-On (SSO)

XENTRY Flash contributes to a more convenient and streamlined workshop experience through Single Sign-On (SSO) functionality. Once you have successfully logged into one Mercedes-Benz workshop application (such as XENTRY Flash, WIS, or others), you will not be prompted to re-authenticate when accessing other central online systems. This single sign-on capability significantly reduces login fatigue and promotes smoother, more efficient workflows throughout your diagnostic processes.

Understanding New Diagnosis User Rights (Effective June 2020)

With the introduction of newer Mercedes-Benz models, specifically the E-Class facelift and the new S-Class, a revised security concept was implemented in June 2020. This update has implications for XENTRY Diagnosis software user rights.

Since the June 2020 data release, accessing the new E-Class and S-Class vehicles requires a personalized username and password. These models cannot be diagnosed without valid credentials, which rules out unauthorized diagnosis. To repair or diagnose these newer vehicles, every user must complete an identification process to acquire the necessary user rights. Diagnosing these model series with a XENTRY Diagnosis Kit 2 is also no longer supported; a XENTRY Diagnosis Kit 3 or later is now required.

Two distinct types of user rights are now in place:

  • XENTRY Standard Diagnosis: This right is intended for users who require basic diagnostic functions but do not need XENTRY Flash authorization. This level allows for tasks such as reading and erasing fault memories.

  • XENTRY Flash User: This user right corresponds to the previous XENTRY Flash user access level, granting full access to XENTRY Flash functionalities.

Acquiring User Rights:

  1. XENTRY Flash Authorization: Both XENTRY Flash roles (Standard-Flash and Extended Flash for all CeBAS vehicles) are obtainable through the User Management & Authentication System (UMAS). Each user must complete a one-time identification process via the UMAS portal to obtain these Flash roles.

  2. XENTRY Standard Diagnosis Rights: Similarly, every diagnosis user requiring Standard Diagnosis rights must independently request them through the UMAS portal and complete the one-off identification process. In some market-specific instances, ISP support might need to create the user in GEMS if a user ID does not already exist.

The Rationale Behind Certificate-Based Diagnosis

Modern vehicles are increasingly sophisticated, essentially becoming “mobile computers.” This technological advancement, while beneficial, also makes vehicles potential targets for cyberattacks and misuse. Growing media attention on vehicle hacking and evolving UNECE regulations mandating vehicle protection have driven Mercedes-Benz to implement robust security measures.

To proactively protect against unauthorized diagnostic access, Mercedes-Benz introduced a new vehicle software architecture incorporating user-related security certificates. This certificate-based diagnosis system adds a crucial layer of security to vehicle communication.

Vehicle Models Impacted by Certificate-Based Diagnosis

Certificate-based diagnosis was initially introduced in E-Class facelift vehicles (model series W213 facelift) for individual control units. Full implementation was realized with the S-Class W223. Moving forward, all new Mercedes-Benz model series and facelifts will incorporate certificate-based diagnosis as a standard security feature.

Changes to the Diagnosis Process

The primary change in the diagnosis process is the requirement for a manufacturer-provided certificate. At the start of each diagnosis session, a secure certificate exchange occurs between the diagnostic tester and the vehicle. This certificate exchange process is handled automatically within the tester application and operates seamlessly in the background, minimizing any disruption to your diagnostic workflow.

Obtaining Certificates and Registration

The certificate acquisition process varies based on your workshop type:

Independent Workshops:

  • XENTRY Diagnosis Kit 3 or 4, or XENTRY Pass Thru EU Users: Certificates are directly provided by Mercedes-Benz AG.
  • Independent Manufacturer Diagnosis Tool Users: Certificates are provided by your tool manufacturer, provided they have a data agreement with Mercedes-Benz AG.

Diagnosis Tool Manufacturers: (Information relevant for tool manufacturers)

Technical Inspection Agencies or Official Bureaus: (Information relevant for these organizations)

Associated Costs for Customers

Mercedes-Benz AG provides these essential security certificates to all customers completely free of charge, underscoring their commitment to security without adding financial burden to users.

Data Requirements for Access

The specific data required for access depends on the level of authorization needed:

  • Read Access Authorizations: These are organization-bound and must be issued for an organization or service operation.

  • Write Access Authorizations: These authorizations are personalized and necessitate prior personal authentication, either directly with Mercedes-Benz AG or with the independent tool manufacturer.

OBD-II Functionality and Certificate Requirements

Standard OBD-II functions (SAE J1979) remain unrestricted and accessible without requiring certificates. However, all diagnostic functions beyond basic OBD-II require diagnosis certificates. The type of certificate needed (organization-bound or person-bound) depends on the specific access authorization level required for the diagnostic task.

XENTRY Flash Support Resources

For any queries or assistance related to XENTRY Flash, comprehensive support resources are available. Within the “Need help?” section of the XENTRY Flash interface, you can select the appropriate category to browse frequently asked questions (FAQs). If you cannot find the answer you need within the FAQs, you can easily open a support ticket at the bottom of the page to receive direct assistance from the support team.
