Spy sets
Burst encoders
Logo (click for homepage)
Philips PNVX
Secure Crypto Phone

PNVX was a series of secure telephone units, developed by Philips Crypto around 1988. It was intended for the professional market, such as the Police, the Department of Justice, the Department of Defence (DoD), Foreign Affairs, etc. It was Philips Crypto's first attempt to expand their market, after dealing exclusively with the DoD for many years. PNVX was also sold by Siemens as the Crypset 100 [8], and by Mils in Austria. It is also known as SPENDEX 9600.
The first generation of secure phones was the PNVX-20xx series, which was introduced around 1991. Depending on the required features, users had a choice between the PNVX-2015, PNVX-2017 and the PNVX-2019. The latter two (2017 and 2019) also featured a V.24 data-interface, allowing secure PC connections (data) in addition to speech.

The image on the right, shows the top-of-the-range PNVX-6317 secure crypto phone. The images below show some of its characteristics, such as the crypto and plain buttons.
Philips PNVX-6317 secure crypto phone

The PNVX-series allows secure voice communication over standard insecure telephone lines (PSTN). Unlike older and less advanced systems that used (analog) voice scrambling, the PNVX employs advanced digital encryption using Philips proprietary cryptographic algorithms.

The analog voice signal from the microphone is first digitised with a vocoder (LPC-10) and then enciphered with the built-in crypto unit. Although approval for the PNVX phones has officially been withdrawn in 2010 [6] many of them were still in use by the Dutch Government in 2012.
Philips PNVX-6317 secure crypto phone Close-up of the crypto and plain keys Using the PNVX in plain voice mode Close-up of the display The PNVX is self-test mode Using an unauthorized card A small note pad hidden at the bottom of the phone Mains power socket (Euro-style)

Deciphering was possible only if the person at the other end had a compatible crypto phone (i.e. a phone from the same series), an appropriate TB-100 key card and the correct PIN. At the beginning of a secure sessions, both ends had to synchronise (12 to 24 seconds) and advanced authentication protocols were used to exchange the keys and authenticate the user's identity.
Personal Key Card
Each user of the PNVX crypto phone was issued a so-called TB-100 Personal Key Card. The card had the same size as a standard credit card, but contained a micro chip with the user's unique personal key, identity and other information.
Secure communication was only possible if the user's key card was inserted into a slot at the right of the phone and the matching Personal Identification Number (PIN) had been entered.

At the beginning of each secure crypto session, the identification of the person at the other end would appear in the display, so that you could check wether that person was who he said he was. The image on the right shows two such key cards.
examples of TB-100 key cards

Two Personal Key Card on top of a PNVX-2017 Close-up of the Personal Key Card slot Inserting the Personal Key Card Close-up of the key card reader Using an unauthorized card

V.24 Data Interface
Some models, like the PNVX 2017, 2018 and the later 63xx series, featured a V.24 data interface that was available as a 25-pin sub-D connector at the rear of the unit.
The V.24 interface enabled the phone to send data in addition to speech, allowing the connection of digital terminal equipment, such as a computer (via the COM-port), a printer of a fax unit.

Like speech, data was sent at 2400 baud, which was considered the higest possible speed available on all telephone networks world-wide at the time. When used between two computers, the PNVX would act as a (secure) modem.
V.24 connection to the right of the telephone line connector

Although the PNVX has the looks of a standard telephone set, its weight reveils its actual identity. The bottom of the unit is made of die-cast aluminium and the top half is molded plastic. With the TEMPEST version of the PNVX, the plastic top has been sprayed on the inside with metal paint in order to provide some level of shielding.
The image on the right shows the interior of the PNVX after removing the plastic top half. The unit contains two large PCBs that are mounted together on a metallized plastic frame.

The top board contains the analog circuitry, like the line interface, the power supply unit (PSU) and the modem. It also contains some interfaces and the key card reader (on the right).

At the other side of the frame is the digital board that contains the 8088 CPU, memory, firmware (EPROMs) and V.24 interface.
The interior of the PNVX, showing the digital board and the crypto unit (at the centre)

The PNVX contains a number of (digital) processors. The main CPU is on the bottom board. It is an OKI-built Intel 8088 (M80C88A), complete with RAM, ROM, EPROM and I/O expanders. An additional 8-bit 8085 processor handles input from the keyboard and output to the LCD display.

On the top board is the LPC-10 vocoder, consisting of a NEC D78C10 processor, RAM and software in EPROM. Also on the top board is the ROCKWELL modem interface.
The interior of the PNVX, showing the digital board and the crypto unit (at the centre) Analog board of the PNVX, containing the line interface, PSU, modem and some control circuitry. Digital board of the PNVX, containing CPU, memory, firmware and interfaces. Close-up of the key card reader Telephone line interface Rockwell modem chip The LPC-10 vocoder, consisting of a NEC D78C10 processor with suitable software in EPROM. Top cover containing the keyboard and display

Crypto unit
A small plug-in unit at the centre of the top board is the actual crypto-heart of the PNVX. Without this daughter card, the PNVX acts just as an ordinary analog phone. Different versions of this crypto module were developed for various groups of users (government, army, police, civil use).
The crypto-unit plugs into the main board by means of four 12-pin connectors mounted at the four courners. The image on the right shows the bottom of the unit consisting of two ASICs - that contain the actual cryptographic algorithm - and a small controller. The latter is an 8-bit 8051-based One-Time-Programmable (OTP) micro controller built by Signetics.

At the other side of the board are two Fujutsu MB603206 CPLDs, containing customised 'glue-logic'. The MB603206 were among the first generation of programmable hardware chips.
Crypto Unit of the PNVX

The crypto-unit contains separate hardware for coding and decoding in order to allow full-duplex communication. The cryptographic algorithms inside the OQ4436 ASICs were controlled by the OTP microcontroller in the middle. Depending on the customer, the software inside the controller could be adapted. For large customers it was even possible to implement their own algorithm.

Considering the era in which the PNVX was developed (late 1980s), the design of the crypto module was really state-of-the-art. The fact that ASICs and the first generation of CPLDs were used, show that Philips was at the forefront of secure phone development.
Crypto Unit of the PNVX Top side of the crypto unit Close-up of a CPLD Close-up of a CPLD Close-up of the OTP controller on the crypto-unit Close-up of on of the ASICs Full-view of the bottom of the crypto-unit Crypto-unit at the heart of the PNVX

Known models
The PNVX-20xx series was followed by the PNVX-21xx series (1994) and finally the PNVX-63xx series in 1995. Several variations of the same principle were developed, such as a complete Crypto Switch (telephone exchange) and a separate encryptor for (analog) mobile communication networks (PNVX 2111). The PNVX-63xx series was developed especially for use by the Dutch government. The following models are currently known:
  • PNVX 2015, Secure Telephone
  • PNVX 2017, Secure Telephone (with data interface)
  • PNVX 2019, Secure Telephone (with data interface and extra functions)
  • PNVX 2118, Secure Telephone
  • PNVX 2111, Speech Encryptor
  • PNVX 2116, Crypto Switch
  • PNVX 4000 series
  • PLDX 6142, Line Encryptor
  • PNVX 6317, Crypto Telephone (for government use)
  • PNVX 6318, Crypto Telephone (for government use)
  • PFDX 6335, Fax Encryptor (for government use)
  • PPSX 6361, X.25 line encryptor
The name PNVX is the abbreviation of Philips Narrow-band Voice Encryptor. The letter 'X' is used here for 'Crypto' as with all other Philips Usfa crypto equipment. The abbreviation PFDX stands for Philips Fax and Data Encryptor. The internal designators for all secure phone products started with 'UP' followed by the model number, e.g. UP-2017 for the PNVX-2017 phone. The prefix 'UP' is most likely the abbreviation of Usfa Phone.
First Gulf War
During the First Gulf War in 1991, the Dutch Army operated on Iraqi territory under supervision of the United Nations (UN) in the operation Desert Storm. For secure communication with home, they used Philips PNVX phones, probably alongside the Spendex 40 (see below).
The image on the right shows two Dutch soldiers with blue UN barets checking in a large box with Philips PNVX phones at Schiphol Airport in Amsterdam, when leaving for Iraq. The label on the box shows PNVX 2017 as the model number, but it is highly unlikely that that model was actually used by the military.

It is far more likely that in reality the box contained the PNVX 6317 model, which used a more secure, government approved, encryption algorithm. The phone was often used by soldiers contact their families at home. To date, there have been no reports of compromised PNVX phones.

PNVX phones were not only used during the First Gulf War, but also during later conflicts, such as the Iraq War (2003) [10], by the Dutch Special Forces during Operation Enduring Freedom (OEF) in Afganistan (2005-2006) [11] and by the Army in Banja Luka (Bosnia Herzegovina) in 2006 [12].
Technical specifications
For the encryption/decryption of voice data, the PNVX used a stream cipher that uses the well known principle of modulo-2 addition (XOR) to mix the data and the key stream. The length of the key was 120 bits and the system allowed more than 1038 different keys to be used. Once started, the key stream had a cycle length of more than 10,000 years, meaning that the key stream would not repeat itself within that period.
The key stream was generated by an in-house (Philips) developed algorithm that was hard-wired inside a custom-made crypto module with Philips' own OQ443x crypto chips. It was also possible to implement customized algorithms, adding-in a bit of security by obscurity.   

For key management, the PNVX used a hierarchic matrix system that allowed up to 2000 users per group. Only users of the same group could communicate with each other. The actual key (group key and personal key) was stored on a separate key card (see above) which was used in combination with a PIN that had to be entered on the phone's keypad.

For authentication at the beginning of a crypto session, PNVX used peer entity authentication, which guarantees that the other party is indeed the one it claims to be. When sychronising two PNVX phones at the beginning of a crypto session, a randomly generated information key of 64 bits was used in combination with synchronisation check series (in-sync checks).

The PNVX was suitable for connection to standard PSTN (analog) telephone lines, using either pulse dialling (IDK) or dual tone DTMF (TDK) operation. It complied with the rules and regulation in the Netherlands, which were similar to the requirements in other countries.

Speech was first digitised using a 10-bit AD convertor and then processed by an LPC-10 vocoder in order to reduce the data rate to 2400 bits/s (baud). LPC-10 is a Linear Predictive Coding standard developed by the United States Department of Defense for use by NATO. It is also known as FS-1015 or STANAG-4198 [7]. It reduced the audio quality somewhat, but would still be better than 85% DRT. According to some users, the speech legibility of the PNVX was better than that of the Motorola STU-III. Computer data could be transmitted at the same speed (2400 baud) when connected to the V24 socket at the rear of the unit (PNVX 2017 and PNVX 2019 only).
For a long time PNVX phones were approved and used for secure voice communication up to the level of top secret, confidential and NATO secret (PNVX-6317/6318), even after the demise of Philips Crypto in 2003. As of 1 January 2010, approval has officially been withdrawn by the NBV [6], but the PNVX phones remain Controlled Cryptographic Items (CCI) for the time being. Some units were still actively being used in 2012. They are currently being phased out.
Rebadged versions
Philips PNVX phones were rather popular in The Netherlands and at NATO. In order to have a better coverage on the international market, they were also sold as a rebadged product by some other manufacturers.

In Germany, the PNVX was sold by Siemens as the Crypset 100 (shown on the right). The only difference is its colour and the company name on the front panel [8]. The Philips designator for the Crypset 100 was UP 1119. In Austria, the phone was sold by Mils Electronic.

Spendex 40
Although the slightly older Spendex 40 crypto phone uses the same LPC-10 speech digitizer, it is not compatible with the PNVX. The PNVX uses a Philips proprietary encryption algorithm, whilst the Spendex 40 uses the highly secret SAVILLE algorithm developed by GCHQ and the NSA.

PNVX phones were still used by the Dutch Army and by NATO after the STU-II compatible Spendex 40 was phased out in 2009.

 More information
Philips Spendex 40 crypto phone

Different names
  • PNVX
  • Spendex 9600
  • Crypset 100 (Siemens)
  • Mils Secure Phone (Mils)

Brochures of related products

Similar secure phones

  1. Philips Crypto BV, PNVX 2015, PNVX 2017, PNVX 2019 Operating Instructions

  2. Philips Usfa BV, High Grade Secure Telephone Set, System Descryption

  3. Philips Usfa BV, PNVX 6318 Crypto and System Installation Guide

  4. Philips Crypto BV, PNVX 211Y Product Family Brochure

  5. Philips Crypto BV, PNVX 6318, PFDX 6335 Brochure

  6. Nationaal Bureau voor Verbindingsbeveiliging (NBV, part of the AIVD),
    List of approved crypto products (Dutch)

    Retrieved March 2009.

  7. Wikipedia, LPC-10 Vocoder

  8. Jane's Military Communications, Siemens Cryptset 100 Telephone
    Fiftheenth Edition, 1994-95. page 523.

  9. Philips Crypto BV, PNVX 2118 leaflet
    Also known as SPENDEX 9600. International sales leaflet.

  10. R. Miedema, Commandovoeringsondersteuning SFIR3 (Dutch)
    Intercom 2004-4. p. 65-69.

  11. Website Boekje Pienter, Uruzgan

  12. Maurice Rijk on Linkedin

Further information

Any links shown in red are currently unavailable. If you like this website, why not make a donation?
Copyright 2009-2013, Paul Reuvers & Marc Simons. Last changed: Saturday, 22 February 2014 - 18:44 CET
Click for homepage