Secure XENTRY Online Programming with Enhanced Authentication

Using XENTRY Flash for ECU programming, coding, and commissioning now requires a mandatory second layer of authentication. This second factor is a safeguard against unauthorized access: it protects sensitive vehicle data and systems in the same way that two-factor authentication protects online banking.

To authenticate and proceed with XENTRY online programming, you need to set up one of the following two authentication factors:

  • Smartphone Authenticator App: Choose from popular authenticator applications such as PingID or Microsoft Authenticator, readily available on your smartphone.

  • USB Security Key: For a hardware-based security option, any USB security key that adheres to the FIDO2 standard is compatible. These keys are widely accessible from electronics retailers or directly from security key manufacturers.

It is highly recommended to configure both authentication methods from the outset. This gives you a backup method and keeps your workflow uninterrupted if you misplace or lose access to one of your factors. A HelpCard with step-by-step instructions for configuring your chosen authentication factors is available for download.

Troubleshooting Authentication Issues

Encountering difficulties with authentication? Here’s how to resolve common access issues:

  1. Alternative Second Factor: If you’ve lost access to your smartphone authenticator but have configured a USB security key as a secondary factor, simply utilize your USB key for authentication.

  2. Org Admin Assistance: In situations where you lack an alternative second factor, reach out to your organization’s administrator (org admin). They possess the authority to reset your second factor, enabling you to establish a new authentication method. If you are unsure who your org admin is, you can easily locate this information within Alice under your profile data by clicking on “Administrators.”

For organization administrators requiring guidance on resetting second factors, detailed instructions are provided in a dedicated PDF document:

Instructions for org admins on how to reset the second factor

Versatile Applications of XENTRY Online Programming in Your Workshop

XENTRY Flash, empowered by secure online programming, offers a wide spectrum of functionalities crucial for modern vehicle servicing. Whether you are engaged in flashing, SCN/CVN coding, or inputting equipment codes, XENTRY Flash seamlessly integrates with Mercedes-Benz Cars (including smart*, Maybach, and SLR) and Mercedes-Benz Vans. For commercial vehicles, an efficient online parameterization process streamlines control unit replacements, accelerating data availability within the workshop. Importantly, all these processes are deeply embedded within the familiar XENTRY Diagnosis and XENTRY DAS software, minimizing manual interventions and optimizing workflow efficiency for your technicians.

* except smart model #1

Streamlined Post-Programming Procedures: Automatic SCN Coding and VeDoc Updates

Following ECU programming, XENTRY online programming automates critical post-programming tasks. SCN coding, when permitted by the control unit, and VeDoc reverse documentation are executed automatically within the VeDoc Vehicle Documentation System. This seamless integration ensures that any modifications to the vehicle or ECU software are meticulously recorded and updated on the VeDoc vehicle data card, maintaining accurate and up-to-date vehicle records.

Enhanced Workflow with Single Sign-On (SSO)

XENTRY online programming contributes to a streamlined workshop experience through Single Sign-On (SSO) functionality. Once logged into any XENTRY workshop application, such as XENTRY Flash or WIS, there is no need for repeated logins to access central online systems. This unified access significantly improves workflow efficiency, allowing technicians to move seamlessly between different applications. For security, the system automatically logs users out of online systems after one hour of inactivity.

Understanding Diagnosis User Rights: Adapting to Evolving Security Standards

The introduction of the E-Class facelift and the new S-Class marked a significant shift towards enhanced vehicle security, directly impacting the utilization of XENTRY Diagnosis software.

Starting from the 06/2020 data release, accessing diagnostics for the new E-Class and S-Class models necessitates entering a personalized username and password. Diagnostic procedures on these vehicles are no longer possible without this authentication, signifying a move towards controlled and authorized access. This change mandates that every user undergoes an identification process to acquire the necessary user rights for diagnosing the E-Class facelift and subsequent models. It is also crucial to note that diagnosing these model series is not supported with XENTRY Diagnosis Kit 2; a XENTRY Diagnosis Kit 3 or later is required.

Two distinct tiers of user rights are implemented:

  • XENTRY Standard Diagnosis: Designed for users who require basic diagnostic functions without XENTRY Flash authorization, such as reading and clearing fault memories.

  • XENTRY Flash User: Equivalent to the existing XENTRY Flash user role, granting access to programming and coding functionalities.

To obtain the appropriate user rights, follow these steps:

  1. XENTRY Flash Authorization: Both Standard-Flash and Extended Flash roles (for all CeBAS vehicles) can be requested via UMAS. Each user must complete a one-time identification process through UMAS to acquire Flash roles.

  2. XENTRY Standard Diagnosis Rights: Every diagnostic user needs to independently request Standard Diagnosis rights via https://umas.mercedes-benz.com/umas and complete the one-off identification process. In some cases, market-specific ISP support may need to create the user in GEMS if a user ID is not already present.

The Rationale Behind Certificate-Based Diagnosis

Modern vehicles are increasingly sophisticated, evolving into “mobile computers.” This technological advancement, while offering numerous benefits, also makes vehicles more vulnerable to cyber threats and unauthorized access. Growing media attention on vehicle hacking and misuse, coupled with forthcoming UNECE regulations mandating vehicle protection, has driven Mercedes-Benz to implement robust security measures. Certificate-based diagnosis, requiring user-related security certificates, is a key element in safeguarding against unauthorized diagnostic access to new Mercedes-Benz vehicle software architectures.

Vehicle Models Incorporating Certificate-Based Diagnosis

Certificate-based diagnosis was initially introduced in E-Class facelift vehicles (model series W213 facelift) with specific control units. The S-Class W223 marked the comprehensive implementation of this security feature across all systems. Moving forward, all new model series and facelifts will incorporate certificate-based diagnosis as a standard security protocol.

Changes to the Diagnostic Process with Certificate-Based Security

Certificate-based diagnosis introduces a crucial security layer to the diagnostic process. In the future, performing diagnostics will necessitate a certificate issued by the vehicle manufacturer. At the start of each diagnostic session, this certificate undergoes an automated exchange between the diagnostic tester and the vehicle. This certificate exchange process is seamlessly managed within the tester application, operating in the background without requiring direct user intervention.

Obtaining Certificates and Navigating the Registration Process

The certificate acquisition process varies depending on your workshop type:

Independent Workshops:

  • XENTRY Diagnosis Kit 3 or 4, or XENTRY Pass Thru EU Users: Certificates are directly provided by Mercedes-Benz AG.
  • Independent Manufacturer Diagnosis Tool Users: Certificates are provided by the tool manufacturer, provided they have a data agreement with Mercedes-Benz AG.

Diagnosis Tool Manufacturers, Technical Inspection Agencies, and Official Bureaus: (Further details on certificate acquisition for these entities are available upon request).

Cost Implications of Certificate-Based Diagnosis

Mercedes-Benz AG provides certificates to all customers free of charge, ensuring that enhanced security measures do not impose additional costs on users.

Data Requirements for Certificate Acquisition and Access

Data requirements vary based on the level of access required:

  • Read Access Authorizations: These are organization-bound and issued for an organization or service operation.
  • Write Access Authorizations: These are personalized and necessitate prior personal authentication, either through Mercedes-Benz AG or the independent tool manufacturer.

OBD-II Functionality and Access Restrictions

Standard OBD-II functions (SAE J1979) remain unrestricted and accessible without requiring certificates. However, all advanced diagnostic functions beyond OBD-II necessitate diagnosis certificates, with the specific certificate type (organization-bound or person-bound) depending on the required access authorization level.
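The access rules described in the two sections above can be modelled as a deny-by-default authorization check. This is an added example, not Mercedes-Benz or XENTRY code; the grouping of ISO 14229 (UDS) service IDs into read and write levels, the acceptance of a person-bound certificate for read access, the expiry check, and the names DiagCert and authorize are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional, Tuple

# SAE J1979 (OBD-II) service identifiers 0x01-0x0A: open without a certificate.
OBD2_SERVICES = set(range(0x01, 0x0B))
# Assumed split of ISO 14229 (UDS) services into the page's two access levels.
READ_SERVICES = {0x19, 0x22}          # ReadDTCInformation, ReadDataByIdentifier
WRITE_SERVICES = {0x2E, 0x34, 0x36}   # WriteDataByIdentifier, RequestDownload, TransferData


@dataclass(frozen=True)
class DiagCert:
    """Hypothetical, already signature-verified diagnosis certificate."""
    binding: str          # "organization" or "person"
    subject: str          # organization name or user ID
    not_after: datetime   # assumed validity limit (not stated on the page)


def authorize(service_id: int, cert: Optional[DiagCert],
              now: datetime) -> Tuple[bool, str]:
    """Return (allowed, reason) for one diagnostic request."""
    if service_id in OBD2_SERVICES:
        return True, "OBD-II (SAE J1979): no certificate required"
    if service_id in READ_SERVICES:
        # Assumption: a person-bound certificate also satisfies read access.
        level, accepted = "read", {"organization", "person"}
    elif service_id in WRITE_SERVICES:
        level, accepted = "write", {"person"}
    else:
        # Anything not explicitly classified is refused.
        return False, "unclassified service: denied by default"
    if cert is None:
        return False, f"{level} access requires a diagnosis certificate"
    if now >= cert.not_after:
        return False, "certificate expired"
    if cert.binding not in accepted:
        wanted = " or ".join(sorted(accepted))
        return False, f"{level} access requires a {wanted}-bound certificate"
    return True, f"{level} access granted to {cert.subject}"
```
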

XENTRY Flash Support Resources

For any assistance or queries related to XENTRY Flash, comprehensive support resources are readily available. Explore the “Need help?” section within the XENTRY application to access FAQs and troubleshooting guides. If you cannot find the necessary information, you can submit a support ticket via the ticket link at the bottom of the page for direct assistance.
