Secure Crypto Phone
PNVX was a series of secure telephone units,
developed by Philips Crypto around 1988. It was intended for
professional users like the Police, the Department of Justice,
the Department of Defence (DoD), Foreign Affairs, etc.
It was Philips Crypto's first attempt to expand their market,
after dealing exclusively with the DoD and NATO for many years.
PNVX was also sold by Siemens in Germany as the
and by Mils in Austria. 1
It is also known as SPENDEX 9600.
The PNVX is in fact a commercial-grade phone with military-grade
encryption. It was launched in 1991 with the PNVX-20xx series.
Depending on the required features, users
had a choice between the PNVX-2015, PNVX-2017 and the PNVX-2019.
The latter two (2017 and 2019) also featured a V.24 data-interface,
allowing secure data connections via a PC, in addition to speech.
The image on the right, shows the top-of-the-range PNVX-6317 secure crypto phone.
The images below show some of its characteristics, such as the
crypto and plain push-buttons.
The PNVX-series allows secure voice communication over standard insecure
telephone lines (PSTN).
Unlike older and less advanced systems that used (analog)
the PNVX features advanced digital encryption
using three Philips proprietary cryptographic algorithms.
Deciphering is possible only
if the person at the other end has a compatible crypto phone
(i.e. a phone from the same series), an appropriate TB-100 key card
and the correct PIN.
At the beginning of a secure sessions, both ends had
to synchronise (12 to 24 seconds) and advanced authentication protocols
were used to exchange the keys and authenticate the user's identity.
The analog voice signal from the microphone is first digitised with an
LPC-10 vocoder and then enciphered with the built-in crypto unit.
Although approval for the PNVX phones has officially been withdrawn
in 2010 
many of them were still in use by the Dutch Government in 2012.
The PNVX phones from the various vendors were not interoperable.
Each user of the PNVX crypto phone was issued a so-called
TB-100 Personal Key Card. The card had the same size as a standard credit
card, but contained a micro chip with the user's unique personal key,
identity and other information.
Secure communication was only possible if the user's key card was inserted into
a slot at the right of the phone and the matching
Personal Identification Number (PIN) had been entered.
At the beginning of each secure crypto session, the identification of the
person at the other end would appear in the display, so that you could
check wether that person was who he said he was.
The image on the right shows two such key cards.
Some models, like the PNVX 2017, 2018 and the later 63xx series, featured a
V.24 data interface that was available as a 25-pin sub-D connector at the
rear of the unit.
The V.24 interface enabled the phone to send data in addition to speech,
allowing the connection of digital terminal equipment, such as a computer
(via the COM-port), a printer of a fax unit.
Like speech, data was sent at 2400 baud, which was considered the higest
possible speed available on all telephone networks world-wide at the time.
When used between two computers, the PNVX would act as a (secure) modem.
Although the PNVX has the looks of a standard telephone set, its weight
reveils its actual identity. The bottom of the unit is made of die-cast
aluminium and the top half is molded plastic. With the TEMPEST version of
the PNVX, the plastic top has been sprayed on the inside with metal paint
in order to provide some level of shielding.
The image on the right shows the interior of the PNVX after removing the
plastic top half. The unit contains two large PCBs that are mounted together
on a metallized plastic frame.
The top board contains the analog circuitry,
like the line interface, the power supply unit (PSU) and the modem.
It also contains some interfaces and the key card reader (on the right).
At the other side of the frame is the digital board
that contains the 8088 CPU, memory, firmware (EPROMs)
and V.24 interface.
The PNVX contains a number of (digital) processors. The main CPU is on the
bottom board. It is an OKI-built Intel 8088 (M80C88A), complete with RAM, ROM,
EPROM and I/O expanders. An additional 8-bit 8085 processor handles input from the keyboard and output to the LCD display.
On the top board is the LPC-10 vocoder, consisting of a
NEC D78C10 processor, RAM and software in EPROM.
Also on the top board is the
ROCKWELL modem interface.
A small plug-in unit at the centre of the top board is the actual crypto-heart
of the PNVX. Without this daughter card, the PNVX acts just as an ordinary
Different versions of this crypto module were developed for various groups of
users (government, army, police, civil use).
The crypto-unit plugs into the main board by means of four 12-pin connectors
mounted at the four courners.
The image on the right shows the bottom of the unit consisting of two
ASICs, that contain the actual cryptographic algorithm, and a small
micro-controller. The latter is an 8-bit 8051-based One-Time-Programmable (OTP)
micro controller built by Signetics.
At the other side of the board are two Fujutsu MB603206 CPLDs, containing
customised 'glue-logic'. The MB603206 were among the first generation of
programmable hardware chips.
The crypto-unit contains separate hardware for coding and decoding in order
to allow full-duplex communication. The cryptographic algorithms inside the
OQ4436 ASICs were controlled by the OTP microcontroller in the middle.
Depending on the customer, the software inside the controller could be
adapted. For large customers it was even possible to implement
their own algorithm.
Considering the era in which the PNVX was developed (late 1980s),
the design of the crypto module was really state-of-the-art.
The fact that ASICs and the first generation of CPLDs were used,
confirm that Philips was at the forefront of secure phone development
at the time.
The PNVX-2010 series was followed by the PNVX-2110 series (1994) and finally the
PNVX-6300 series in 1995. Several variations of the same principle were developed,
such as a complete Crypto Switch (telephone exchange) and a separate encryptor for
(analog) mobile communication networks (PNVX 2111).
The PNVX-6300 series was developed especially for use by the Dutch Government.
The following models are currently known:
- PNVX 2015, Secure Telephone
- PNVX 2017, Secure Telephone (with data interface)
- PNVX 2019, Secure Telephone (with data interface and extra functions)
- PNVX 2118, Secure Telephone
- PNVX 2111, Speech Encryptor
- PNVX 2116, Crypto Switch
- PNVX 4000 series
- PNVX 6317, Crypto Telephone (for government use)
- PNVX 6318, Crypto Telephone (for government use)
- PFDX 2035, Fax Encryptor (for civil use)
- PFDX 6335, Fax Encryptor (for government use)
- PLDX 6142, Line Encryptor
- PPSX 6361, X.25 line encryptor
The name PNVX is the abbreviation of Philips Narrow-band Voice Encryptor.
The letter 'X' is used here for 'Crypto' as with all other Philips Usfa crypto
equipment. The abbreviation PFDX stands for
Philips Fax and Data Encryptor.
The internal designators for all secure phone products started with 'UP' followed by
the model number, e.g. UP-2017 for the PNVX-2017 phone.
The prefix 'UP' is most likely the abbreviation of Usfa Phone.
In brochures, it was replaced by PNVX, PFDX, etc.
During the First Gulf War in 1991, the Dutch Army operated on Iraqi
territory under supervision of the United Nations (UN) in the
operation Desert Storm.
For secure communication with home,
they used Philips PNVX phones, probably alongside the Spendex 40
The image on the right shows two Dutch soldiers with blue UN barets
checking in a large box with Philips PNVX phones at Schiphol Airport
in Amsterdam, when leaving for Iraq. The label on the box shows PNVX 2017
as the model number, but it is highly unlikely that that model was actually
used by the military.
It is far more likely that in reality the box contained the PNVX 6317 model,
which used a more secure, government approved, encryption algorithm. The
phone was often used by soldiers contact their families at home.
To date, there have been no reports of compromised PNVX phones.
PNVX phones were not only used during the First Gulf War, but also during
later conflicts, such as the Iraq War (2003) , by the Dutch Special Forces
during Operation Enduring Freedom (OEF) in Afganistan (2005-2006) 
and by the Army in Banja Luka (Bosnia Herzegovina) in 2006 .
For the encryption/decryption of voice data, the PNVX used a stream cipher
that uses the well known principle of modulo-2 addition (XOR)
to mix the data and the key stream. The length of the key was 120 bits and the
system allowed more than 1038 different keys to be used.
Once started, the key stream had a cycle length (also knows as the crypto
period) of more than 10,000 years,
meaning that the key stream would not repeat itself within that period.
The key stream was generated by an in-house (Philips) developed algorithm that
was hard-wired inside a custom-made crypto module
with Philips' own OQ443x crypto chips.
It was also possible to implement customized algorithms, adding-in
a bit of security by obscurity.
For key management, the PNVX used a hierarchic matrix system that allowed up
to 2000 users per group. Only users of the same group could communicate with
The actual key (group key and personal key) was stored on a separate key card
(see above) which was used in combination with a PIN that had to be entered on the
For authentication at the beginning of a crypto session, PNVX used
peer entity authentication, which guarantees that the other party is indeed the
one it claims to be.
When sychronising two PNVX phones at the beginning of a crypto session, a randomly
generated information key of 64 bits was used in combination with synchronisation
check series (in-sync checks).
The PNVX was suitable for connection to standard PSTN (analog) telephone lines,
using either pulse dialling (IDK) or dual tone DTMF (TDK) operation. It complied
with the rules and regulation in the Netherlands, which were similar to the
requirements in other countries.
Speech is first digitised using a 10-bit AD convertor and then processed by
an LPC-10 vocoder in order to reduce
the data rate to 2400 bits/s (baud).
LPC-10 is a Linear Predictive Coding standard developed by the United States
Department of Defense for use by NATO. It is also known as
It reduces the audio quality somewhat, is still be better than 85% DRT.
According to some users, the speech legibility of the PNVX was better
than that of the Motorola STU-III.
Computer data could be transmitted at the same speed (2400 baud) when connected
to the V24 socket at the rear of the unit (PNVX 2017 and PNVX 2019 only).
For a long time PNVX phones were approved and used for secure
voice communication up to the level of top secret, confidential and
NATO secret (PNVX-6317/6318), even after the demise
of Philips Crypto in 2003.
As of 1 January 2010, approval has officially been withdrawn by the
, but the PNVX phone remains a Controlled Cryptographic Item (CCI) for
the time being. Some units were still being used in an operational
context in 2012. They have since been phased out.
Philips PNVX phones were rather popular in The Netherlands and with NATO.
In order to have a better coverage on the international market,
they were also sold as a rebadged product by others.
In Germany, the PNVX was sold by Siemens
as the Crypset 100 (shown on the
right). The only difference is its colour and the company name on the
front panel . The Philips designator for the Siemens Crypset 100 was
In Austria, the phone was sold by Mils Electronic,
where it filled a gap in their product portfolio.
Although the slightly older Spendex 40
crypto phone uses the same LPC-10 vocoder, it is not compatible
with the PNVX. The PNVX uses a Philips proprietary encryption algorithm,
whilst the Spendex 40 uses the highly secret
SAVILLE algorithm developed by
and the NSA.
PNVX crypto phones were still used by the Dutch Army and by NATO after
compatible Spendex 40 had been phased out in 2009.
➤ More information
Similar (incompatible) products
Below is the pinout of the line socket – located at the rear –
shown when looking into the socket. Note that the pinout is different
from the usual European layout (which has AB on pins 3 and 4) and also different
from the UK layout which has AB on pins 2 and 5. Instead, the line interface
was developed by Philips subsidary MBLE in Belgium, and follows the Belgian standard,
which has AB on pins 4 and 5.
- not connected
- not connected
- Line A
- Line B
In order to avoid confusion, we have listed the various layouts in the diagram
below. At the left is the most common layout of the RJ11 phone socket, which
is used in the most countries in the world, followed by the uncommon British and
Belgian layouts. All problems can be solved by wiring the RJ11 wall socket
as per Crypto Museum standard, shown in the rightmost drawing.
➤ More about analogue telephone lines
The PNVX telephone is known by the following (brand) names:
- Spendex 9600
- Crypset 100 (Siemens)
- Mils Secure Phone (Mils)
- PNVX 2015, PNVX 2017, PNVX 2019 Operating Instructions
Philips Crypto BV.
- High Grade Secure Telephone Set, System Descryption
Philips Usfa BV.
- PNVX 6318, System Description
Philips Crypto BV, 1995.
➤ Dutch version
- PNVX 6318, Crypto and System Installation Guide
Philips Usfa BV, 1995.
- PNVX 6318, PFDX 6335, Brochure
Philips Crypto BV.
- PNVX 2118 (Spendex 9600) leaflet
Philips Crypto BV. 1994. 2 pages.
- PNVX Brochure (6 pages)
Philips Crypto BV. 1994. 6 pages.
- PNVX 211Y Product Family Brochure
Philips Crypto BV. 1994. 4 pages.
- Key Management Philosophy for the New Generation Crypto Equipment 1
Philips Crypto BV, 1990.
Document kindly provided by AIVD/NBV .
Brochures of related products
Any links shown in red are currently unavailable.
If you like the information on this website, why not make a donation?|
© Crypto Museum. Created: Thursday 01 March 2012. Last changed: Thursday, 16 July 2020 - 15:11 CET.