Enhanced Security for XENTRY Diagnosis: Understanding XENTRY PassThru SCN Coding and New Authentication Protocols

As vehicles become increasingly sophisticated and interconnected, the security of diagnostic processes is paramount. For professionals utilizing XENTRY Diagnosis, particularly for XENTRY PassThru SCN coding, significant security enhancements have been implemented. This article outlines these crucial updates, focusing on the new two-factor authentication and certificate-based diagnosis, ensuring you are fully informed and prepared.

Mercedes-Benz has introduced a mandatory second authentication layer for ECU commissioning, programming, and coding (XENTRY Flash). This additional security measure, similar to online banking TAN authentication, is essential for protecting vehicle systems from unauthorized access and cyber threats. For workshops and technicians performing vital tasks like SCN coding through XENTRY PassThru, understanding and adapting to these changes is now a necessity.

To authenticate your access, you will need to utilize one of the following two-factor authentication methods:

  • Smartphone Authenticator App: Applications such as PingID or Microsoft Authenticator provide a convenient and secure method for verifying your identity.

  • USB Security Key: You can opt for any USB security key that adheres to the FIDO2 standard. These keys are readily available from electronics retailers and offer a robust hardware-based authentication solution.

It is highly recommended to set up both authentication options. This redundancy ensures that if you lose access to one factor, the other will allow you to continue working without interruption. A helpful guide, the HelpCard, is available for download to assist you in setting up these factors, ensuring a smooth transition to the new security protocol.

Resetting Your Second Factor Authentication

In situations where you lose access to your authentication method, several recovery options are available:

  1. Alternative Second Factor: If you have configured both a smartphone app and a USB security key, you can simply use the alternative method to regain access.

  2. Organization Administrator Reset: If you lack an alternative second factor, your organization administrator can reset your authentication. You can identify your Org admin through your profile data in Alice by clicking on “Administrators.” Administrators can follow specific instructions to reset the second factor, enabling you to set up a new one.

Versatile Applications Including XENTRY PassThru SCN Coding

XENTRY Flash, fortified with these new security measures, remains a versatile tool for a range of Mercedes-Benz vehicles, including cars (Mercedes-Benz, smart*, Maybach, and SLR) and vans. Crucially, this extends to XENTRY PassThru, allowing independent workshops to perform essential functions like SCN/CVN coding and equipment code entry. For trucks, an online parameterization process streamlines control unit replacement data availability. All these processes are integrated within XENTRY Diagnosis and XENTRY DAS, minimizing manual intervention and optimizing workflow efficiency.

*excluding smart model #1

Automatic SCN Coding and VeDoc Integration

Following ECU programming, the SCN coding process, if supported by the control unit, and VeDoc reverse documentation are executed automatically within the VeDoc Vehicle Documentation System. This seamless integration ensures that any modifications to the vehicle or ECU software are promptly updated on the VeDoc vehicle data card, maintaining accurate and up-to-date vehicle records. This is particularly beneficial for workshops performing XENTRY PassThru SCN coding, as it reduces manual steps and potential errors.

Streamlined Workflow with Single Sign-On

The Single-Sign-On (SSO) feature further enhances workflow convenience. Once logged into one XENTRY workshop application (e.g., XENTRY Flash, WIS), no additional logins are required for other central online systems. This eliminates repetitive sign-in procedures, promoting a smoother and more efficient workshop operation. Users are automatically logged out after one hour of inactivity, balancing convenience with security.

New Diagnosis User Rights and Security Concept

Introduced alongside the E-Class facelift and the new S-Class, a novel security concept necessitates personalized user rights for XENTRY Diagnosis. As of the 06/2020 data release, accessing the new E-Class and S-Class models requires a personal username and password. Diagnosing these vehicles is impossible without proper authorization, marking a significant shift in how repairs and diagnostics are performed. Notably, XENTRY Diagnosis Kit 2 is no longer sufficient for these models; a XENTRY Diagnosis Kit 3 or higher is now mandatory.

Two distinct user right types are now in place:

  • XENTRY Standard Diagnosis: For users without XENTRY Flash authorization, primarily for tasks like reading and clearing fault memories.
  • XENTRY Flash User: Equivalent to the previous XENTRY Flash user, granting broader access including coding and programming.

To obtain the necessary user rights:

  1. XENTRY Flash Authorization: Both Standard and Extended Flash roles (for all CeBAS vehicles) are obtainable through UMAS. Each user must complete a one-time identification process via UMAS to acquire these roles.

  2. XENTRY Standard Diagnosis Rights: All diagnosis users must independently request Standard Diagnosis rights via UMAS and undergo the one-off identification. Market-specific ISP support may need to create the user in GEMS if a user ID is not already present.

Certificate-Based Diagnosis: A Necessary Security Evolution

The increasing sophistication of vehicles, transforming them into “mobile computers,” has made them prime targets for cyberattacks. Growing media attention and upcoming UNECE regulations mandate enhanced vehicle protection. Mercedes-Benz is proactively implementing security measures, including certificate-based diagnosis, to combat unauthorized access.

To safeguard against unauthorized diagnostic interventions, new Mercedes-Benz vehicle software architectures now incorporate user-related security certificates. This system was initially introduced with the E-Class facelift (model series W213 facelift) for individual control units and fully implemented with the S-Class W223. Future models and facelifts will universally adopt certificate-based diagnosis.

Changes to the Diagnosis Process

Moving forward, performing diagnosis requires a manufacturer-provided certificate. At the start of each diagnosis session, this certificate is exchanged between the diagnostic tester and the vehicle. This automated background process within the tester application ensures a secure and authenticated diagnostic environment. This certificate system is vital for secure XENTRY PassThru SCN coding and other advanced diagnostic functions.

Obtaining Certificates: Registration Process

For Independent Workshops:

  • If you possess a XENTRY Diagnosis Kit 3 or 4, or utilize XENTRY Pass Thru EU, certificates are provided directly by Mercedes-Benz AG.
  • If you use a diagnostic tool from an independent manufacturer, certificate provision depends on whether the tool manufacturer has a data agreement with Mercedes-Benz AG.

For Diagnosis Tool Manufacturers, Technical Inspection Agencies, and Official Bureaus: Specific processes and agreements are in place; please contact Mercedes-Benz AG for detailed information.

Costs Associated with Certificates

Mercedes-Benz AG provides these essential security certificates to all customers free of charge, underscoring their commitment to secure vehicle diagnostics across the board.

Data Requirements for Access

Data requirements vary based on the access level needed:

  • Read Access Authorizations: Linked to an organization and must be issued for an organization/service operation.
  • Write Access Authorizations: Personalized and require prior personal authentication, either through Mercedes-Benz AG or the independent tool manufacturer. This is particularly relevant for functions like XENTRY PassThru SCN coding.

OBD-II Access and Functions Requiring Certificates

Standard OBD-II functions (SAE J1979) remain unrestricted and available without certificates. However, all advanced diagnostic functions, including SCN coding via XENTRY PassThru, necessitate diagnosis certificates. These certificates may be organization-bound or person-bound, depending on the required access authorization level.
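
The access tiers described in the two sections above can be modelled as a fail-closed authorization check. This is an added example, not Mercedes-Benz or XENTRY code; the `Cert` and `Session` structures, the function-class labels, and the choice to apply the one-hour idle limit to certificate-gated requests are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional, Tuple

IDLE_LIMIT = timedelta(hours=1)  # page: logout after one hour of inactivity

@dataclass
class Cert:                      # hypothetical model of a diagnosis certificate
    binding: str                 # "organization" or "person"
    subject: str                 # organization id or user id

@dataclass
class Session:                   # hypothetical model of a tester session
    user: str
    role: str                    # "standard" or "flash"
    second_factor_ok: bool
    last_activity: datetime
    cert: Optional[Cert] = None

def authorize(s: Session, function: str, now: datetime) -> Tuple[bool, str]:
    """Decide one request; function is 'obd2', 'read' or 'coding'."""
    if function == "obd2":
        return True, "SAE J1979 functions need no certificate"
    if function not in ("read", "coding"):
        return False, "unknown function class"      # fail closed
    if s.cert is None:
        return False, "no diagnosis certificate"
    if now - s.last_activity > IDLE_LIMIT:
        return False, "session idle for more than one hour"
    if function == "read":
        return True, "read access with " + s.cert.binding + "-bound certificate"
    # Coding/programming is write access: personalized, Flash role, second factor.
    if s.cert.binding != "person" or s.cert.subject != s.user:
        return False, "write access needs a certificate bound to this user"
    if s.role != "flash":
        return False, "user lacks XENTRY Flash role"
    if not s.second_factor_ok:
        return False, "second factor not verified"
    return True, "write access granted"

# Constructed sample data, not real accounts or certificates.
NOW = datetime(2024, 1, 1, 12, 0)
ORG_ONLY = Session("tech1", "standard", False, NOW, Cert("organization", "workshop-A"))
FLASH_OK = Session("tech2", "flash", True, NOW, Cert("person", "tech2"))
BORROWED = Session("tech3", "flash", True, NOW, Cert("person", "tech2"))
STALE = Session("tech2", "flash", True, NOW - timedelta(hours=2), Cert("person", "tech2"))
```

The `BORROWED` case shows why write access is tied to the person: a valid person-bound certificate presented under another user's login is refused before role or second factor are even considered.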

XENTRY Flash Support Resources

For further assistance, the “Need help?” section within XENTRY Flash provides FAQs and a ticket submission system for specific queries. This ensures readily available support for any challenges encountered during the transition to these enhanced security protocols.

By understanding and implementing these new security measures, particularly the two-factor authentication and certificate requirements, workshops can continue to perform XENTRY PassThru SCN coding and other essential diagnostic and programming tasks securely and efficiently within the Mercedes-Benz ecosystem.
