The PFDX was an electronic encryption unit
for the protection of facsimile lines (fax),
developed by Philips Crypto
in the late 1980s.
The device was intended for the professional market, such as the police,
large corporations, the Department of Defense and the government.
The PFDX was also sold as a rebatched product by
Mils Elektronik (Austria),
where it was called Fax Encryptor.
The PFDX was suitable for the protection of any common (analogue) facsimile
machine, and was connected directly between the fax and the line.
For protection and authentication, a smart card with matching PIN code
is used. The smart card is inserted into the slot
at the bottom left, whilst the PIN code is entered on the numeric keypad.
The device is based on the same encryption technology as its 'sister' device,
the PNVX crypto phone, featuring the same crypto card
or crypto heart, with Philips' in-house developed
of which 3 variants were available.
Depending on the customer, a different type of crypto heart (and hence
a different crypto chip) was issued.
The one shown in the image above is the PFDX 2035, which was available to
certain civil users. A special variant, the PFDX 6335,
was available for use by the Dutch Government.
For oil giant Shell, a special version
protected by a physical key
and a metal cover was developed [C].
After the demise of Philips Crypto in 2003, most PFDX units remained in use
for many years, along with the complementary
PNVX crypto phones. After the
telecom security authority NBV
proposed to revoke the approval of the PFDX on 1 July 2008 ,
a number of users objected. As a result,
PFDX was used well beyond its technical life, in some cases as late as 2012.
Operation of the PFDX is relatively simple. Before use, the user
inserts his personal smart card
and enters his Personal Identification Number (PIN)
on the numeric keypad at the right. Once the PIN is accepted, the unit
enters crypto/standby mode. The keypad is not used for entering the
addressee's phone number; this is done on the fax machine itself.
By default the PFDX works in CRYPTO mode, but it is possible to send
fax messages in plain mode by pressing the PLAIN key.
Once a fax is sent, the unit always returns to CRYPTO mode, so that
the next message can never accidently be sent in plain mode. The
grey program keys are for testing and error diagnostics. The current status
is always shown on the display, along with the name of the
card holder. After switching the unit ON, it first performs a Built-In
Self Test (BITE). In addition to this, the user can also run a performance
test from the keypad, by accessing the test menu via the
grey MENU key.
The rear panel contains the ON/OFF switch and three sockets for connection
to the outside world. The mains power inlet is at the right and is suitable
for the 220V AC mains. Along the bottom edge, two RJ-11 sockets are
available for connection to the fax machine and the telephone
line respectively. Customised adapters were used for connection to the local public
For encryption and decryption of the fax data, Philips' own in-house
developed crypto processors
were used. With these crypto chips, a stream
cipher was created in which a key stream was added to the data stream
by means of modulo-2 addition (XOR). The key stream generator takes
a 120 bit cryptographic key (> 1038 keys) and has a cycle length (crypto period) of
> 10,000 years.
For key management, an hierarchic matrix system was used, in which a
maximum of 2000 users could be assigned to a single group. The keys were
stored on a so-called TB-100 smart card that was issued to each user
along with a PIN code1 for verification and activation.
The unit offers peer entity authentication, which guarantees (under
the condition that the user's authorisation passes off positively at both
ends) that the other party is actually who he or she claims to be.
PIN = Personal Identification Number.
Although the PFDX may seem a simple device at first sight, in reality
it is not. The simplified block diagram below shows what is happening
under the bonnet . The existing fax is connected at the right, whilst
the telephone line is at the left. At both ends, suitable MODEMs convert
between analogue and digital signals. As the fax protocol works in both
directions (the fax machine can be the sender and the recipient), each side
has its own fax protocol detector. At the line-end this is also used as
the sync-detector which is responsible for synchronisation with the data
During initialisation and when establishing a connection,
the modems transfer data (half duplex) at 300 baud. Once the connection
is established, the actual fax data is transferred at 2400, 4800, 7200
or 9600 baud, depending on the equipment at the other end and the
quality of the line.
Under control of the CPU, the relevant data packets are extracted from
and inserted into the data stream without affecting or altering the actual
fax protocol. This means that only the actual data bits (i.e. the scanned
information) are encrypted. The PFDX is only suitable for encryption of
Group 3 Fax information. Group 2 fax signals and voice data are passed
unencrypted (if the unit is configured to do so). In the latter case,
both ends are connected through the bypass switch.
In order to avoid sending confidential information in plain mode
accidently, an alarm is raised when the unit is unable to establish
a Group 3 fax connection or when synchronisation is lost and repeated
attempts to re-synchronize have failed. The user may then take
Once the 4 bolts have been removed, the entire interior can be
removed from the front of the case.
The PFDX consists of three functional modules:
an interface board (I/F)
(the largest PCB), a crypto board
(mounted on top of the I/F) and a front panel with LCD display
All parts are connected to the crypto board which also holds the mains
power supply unit (PSU). After disconnecting 4 flat cable connectors
from the crypto board, the latter can be
folded away, exposing the full interior.
The I/F board holds the front and rear panels together.
The interface board holds the
two line interfaces (to the fax machine and
to the analogue phone line or PABX), each of which consists of a high-quality
line transformer and a Rockwell-based fax modem chip. For control of the modems,
the board has its own microprocessor, with suitable firmware and memory.
The physical connection to the outside lines is by means of
small line modules
made by MBLE in Belgium, that adapt the PFDX to the local RJ-11 connection standard.
The crypto board is mounted on 4 supporting posts held by the I/F board.
It has components on both sides: all conventional through-hole components
at the top, and all
SMD components at the bottom.
This board also holds the PSU.
The crypto board contains two microprocessors:
one for the card reader and
one for the overall control of the device.
The latter controls the front panel and the two line interfaces on the
I/F board. Each processor has its own memory and firmware.
The SMD circuits at the bottom
are for synchronisation and framing detection/control.
The actual crypto heart
is shown in the image above. It is mounted on 4
short mounting posts, just in front of the PSU, and consists of a small
PCB that holds the actual crypto chips (ASIC), two CPLDs and a 8051
processor. As this was a controlled item, the electronics are housed
in a black tamper-proof package. In the PFDX featured here, two
Philips OQ4435 crypto chips were used.
The components inside the black enclosure
are covered in blue hardened epoxy and can not be accessed without
causing permanent damage.
The image on the right shows the interior of the crypto heart that was
used in the PFDX 6335, the version used by the Dutch government.
It is nearly identical to the sealed black crypto heart shown above,
but contains two OQ4436 crypto chips instead of OQ4435 used in the PFDX 2035.
➤ More information
Crypto museum are currently looking for one or more TB-100 smart cards
and additional PFDX units, so that we can demonstrate a working setup.
If you have any PFDX-related items available, please contact us.
The PFDX is known under the following names and designators:
- PFDX 2035
- PDFX 6335 (Government version)
- UP 2035
- UP 6335
- Fax Encryptor (Mils)
- FPE-3 (Shell)
Document kindly provided by AIVD/NBV .
- AIVD, NBV Nieuwsbrief December 2006
December 2006 (Dutch). Retrieved January 2012.
- Philips Crypto BV, PFDX 2035 Facsimile Encryption Unit. System Description.
9922 154 17091. Provisial release, revision E. Date unknown but probably 1990.
- AIVD/NBV, Collection of documents about Philips Crypto products
Received February 2018. CM-202832-C.
Any links shown in red are currently unavailable.
If you like the information on this website, why not make a donation?|
© Crypto Museum. Created: Friday 19 August 2011. Last changed: Saturday, 17 August 2019 - 12:32 CET.