Click for homepage
Voice
Phone
Philips
  
Spendex 50 (DBT) →
← Spendex 30
  
Spendex 40   UA 8251
Narrowband secure voice terminal

Spendex 40 is a narrowband secure voice terminal, developed in the mid-1980s by Philips Usfa, for use by the Dutch Government and by NATO. It enables secure transmission of voice, fax and computer signals over standard POTS 1 telephone lines, using the secret GCHQ/NSA-developed SAVILLE crypto-algorithm. Also known as Spendex 40 M, NBSV-45 (non-NATO) and UA-8251.

Spendex 40 was the first product developed outside the USA that featured the highly secret SAVILLE encryption algorithm, making it inter-operable with the NSA's STU-II crypto phone.

The image on the right shows a typical Spendex-40 unit. It is housed in a robust military-grade die-cast aluminium enclosure that is completely TEMPEST-proof. The handset is placed in a black cradle on top of the device, and is connected to the left of the sloped front panel. Just below its socket is a 25-way D-type socket for connection of an external fax unit or a personal computer.
  

At the rear panel are receptacles for mains power and POTS telephone line (DE9/S). Also present at the rear is a DB25/P receptacle for connection of an external modem that can be used instead of the internal one. A backup battery, accessible via a panel at the rear, is used to retain the cryp­tographic keys in CMOS memory. The most prominent users of this telephone set were NATO, the Dutch Armed Forces and the Dutch PTT 2 (now: KPN). It was gradually phased out in the 2000s, after which its approval in the Netherlands was officially withdrawn by the NBV in 2009 [1].

  1. POTS (Plain Old Telephone System) refers to the Public Switched Telehone Network (PSTN) over fixed analogue lines.  More
  2. At the time, the PTT was the Dutch state-owned telecom operator. In 1989, the company was privatized and renamed KPN (Koninklijke PTT Nederland).  More  Wikipedia

Spendex 40 - right angle view
Spendex 40 with the handset off-hook
Connections at the left: handset and printer/fax
Pressing the ZEROIZE button
Spendex 40 with Philips UP-2001 key filler
After switching on, the Spendex 40 performs a self-test
Rear view of Spendex 40
Long telephone cable for connection to the PTT
A
×
A
1 / 8
Spendex 40 - right angle view
A
2 / 8
Spendex 40 with the handset off-hook
A
3 / 8
Connections at the left: handset and printer/fax
A
4 / 8
Pressing the ZEROIZE button
A
5 / 8
Spendex 40 with Philips UP-2001 key filler
A
6 / 8
After switching on, the Spendex 40 performs a self-test
A
7 / 8
Rear view of Spendex 40
A
8 / 8
Long telephone cable for connection to the PTT

Features
The diagram below gives an overview of the controls and connections of the Spendex 40. The enclosure consists of three parts: a die-cast aluminium centre part that contains the electronics, a die-cast rear panel that gives access to the line interface, and a sloped die-cast aluminium front panel that holds the controls and the sockets for peripheral equipment, such as handset, personal computer (or fax), Crypto Ignition Key (CIK) and a FILL device. The ZERIOZE button is hidden under a circular pivoting lid. On top of the device is a black cradle for the handset.



Models
Spendex 40 was available in two different models that can be identified by an extension to the model number in the form /XX. The extension number identifies the type of (internal) modem that is present in the phone's rear compartment. Note that the (soft) settings of the device have to be configured accordingly.

  • UA-8251/00
    all modes except 2-wire full-duplex
  • UA-8251/01
    2-wire full-duplex only
MODEs
Spendex 40 can work in the following modes of operation:

  • Nonsecure speech (clear)
  • Secure speech
  • Secure data
Interoperable devices
Secure Telephone Unit - 2nd generation (KY-71)
Secure Telephone Unit - 3nd generation - NATO version (KY-71D)
Motorola STU-III/R
Siemens/ANT/R&S Elcrovox 1/4
Siemens/ANT/R&S Elcrodat 5/4
Elcrodat
5/4
STK (Thales) TCE-5000
Operation
Spendex 40 is connected permanently to the mains and to a standard 2-wire analogue PSTN telephone line. Optionally it could be made to work with 4-wire lines as well. Basic operation of the unit is rather straightforward and is comparable to using a standard telephone set.

Lifting the handset activates the unit and connects it to the line or PABX. Telephone numbers are entered on the black keypad, located at the bottom right. When dialling a number, it is displayed on the red 8-digit numerical LED display, just above the keypad.

When the connection with the required party has been established, the conversation is started en clair (clear speech). When it is agreed to switch to encrypted mode (go secure) one of the parties presses the SECURE button. After an initial delay of approx. 10 seconds the connection is secure.
  

The SECURE button is located to the left of the keypad. It can be used to toggle between SECURE and PLAIN. The 10 second delay when going secure is typical for encryption systems using an LPC-10 vocoder. Please note that in order to setup a secure connection, a Crypto Ignition Key (CIK) should be present and valid keys should be loaded into the Spendex 40 and the CIK first.

A typical side effect of narrow-band LPC-10 encoding is that speech is carried accross relatively clear, but that it is impossible to recognise the person at the other end. This is the result of the fact that speech is first analysed, sent to the other end (in encrypted form) at a speed of 2400 baud, and then reconstructed or synthesized, resulting in a rather artificial or synthetic sound.

Spendex 40 is a full-duplex system, that can also be used in half-duplex mode. This was used for example when the quality of the line was too poor, or when the signal path was (partly) over radio links. In half-duplex mode the Push-To-Talk switch (Ptt) on the handset would be used. This mode was also used when communicating with an American STU-II phone at the other end.

Spendex 40 with the handset off-hook
Spendex 40 with the handset off-hook, showing the PTT-switch which is used for half-duplex operation.
Using the PTT switch
After switching on, the Spendex 40 performs a self-test
Normal operation showing 'X' in the display
B
×
B
1 / 5
Spendex 40 with the handset off-hook
B
2 / 5
Spendex 40 with the handset off-hook, showing the PTT-switch which is used for half-duplex operation.
B
3 / 5
Using the PTT switch
B
4 / 5
After switching on, the Spendex 40 performs a self-test
B
5 / 5
Normal operation showing 'X' in the display

Key management
Depending on he situation and security requirements, Spendex 40 supports the following key management procedures:

  • Key distribution center · KDC
    In this situation, a validated Spendex 40 automatically dials the (secret) telephone number of an external Key Distribution Center (KDC), which assigns it a temporary key. In this situation, the contact between all parties runs via the KDC, which in most cases was an NSA facility. It allowed the NSA to monitor, log and control all calls and keys. The main advantage of this method is that it provides full authentication.

  • Net KEY
    In this situation, a common key is issued to multiple parties, allowing group conversations. A terminal can not communicate with a party outside the group.

  • Individual KEY
    In this case, a single KEY is issued to multiple parties, allowing each of them to commu­nicate with each other. In practice, this option was used most of the time, as it avoids the use of a KDC. The drawback of this method is that there is no authentication.
Crypto Ignition Key   CIK
The SAVILLE crypto-algorithm uses a 128 bits key. For enhanced security this key is split in two parts that are stored separetely. Each part is also 128 bits long and must be XOR-ed with the other one in order to obtain the actual key. One half is stored in battery-backed RAM inside the Spendex 40, whilst the other half is stored in an EEPROM inside the Crypto Ignition Key (CIK).

Splitting the key makes it easier to render the machine useless when security is compromised. Whenever a user temporarily leaves the Spendex 40 unattended, he can leave the key loaded as long as he takes the removable CIK with him.

Without the CIK, the key inside the Spendex 40 has no value. Likewise, a loaded CIK can not be used on another Spendex 40 device. Trying the CIK on another Spendex 40 causes the message ILL. CIK (illegal CIK) to be displayed. The image on the right shows a typical CIK being connected to the CIK socket on the Spendex 40 front panel.
  

Secure operation is only possible with a valid (loaded) CIK present on the socket marked 'CIK'. When security is compromised, the user presses the ZEROIZE button that is behind a metal flap at the front panel. Pressing the button destroys all keys that are present in the internal RAM of the Spendex 40. It also clears the CIK (when connected). The display will then show the message ZEROISED (British spelling). If the CIK was not present when the ZEROIZE button was pressed, the internal RAM is still cleared, rendering the CIK useless. The same CIK was used with Spendex 50.

Although the CIK is marked with the word CONFIDENTIAL on its serial number plate, un unloaded CIK is an unclassified device. Whenever a valid key is loaded to both the Spendex 40 and the CIK, the CIK is classified to the level of the loaded key. Deleting the key makes it unclassified again. The CIK only contains a memory chip (EEPROM) that can hold a randomly-generated number that is part of the key. There is no additional intelligence or other protective or secret circuitry inside.

Typical Spendex 40 CIK
Spendex 40 CIK
Spendex 40 CIK
Placing the CIK
Crypto Ignition Key (CIK) present on Spendex 40
Display showing 'NUL. CIK', indicating that the CIK is empty.
Pressing the ZEROIZE button
Pressing the ZEROIZE button causes all internal keys and the CIK to be cleared
C
×
C
1 / 8
Typical Spendex 40 CIK
C
2 / 8
Spendex 40 CIK
C
3 / 8
Spendex 40 CIK
C
4 / 8
Placing the CIK
C
5 / 8
Crypto Ignition Key (CIK) present on Spendex 40
C
6 / 8
Display showing 'NUL. CIK', indicating that the CIK is empty.
C
7 / 8
Pressing the ZEROIZE button
C
8 / 8
Pressing the ZEROIZE button causes all internal keys and the CIK to be cleared

Loading key material
Key material for the Spendex-40 was produced by an external key management system. This was usually a piece of proprietary software running on a dedicated PC. The keys were then distributed by means of a key filler or key transfer device such as the military KYK-13 fill gun. In the case of NATO, a government agency acting as a Key Distribution Center (KDC) could also be used for this.

Keys are normally loaded into the Spendex 40 by means of a fill gun. As soon as it is connected to the FILL socket on the front panel, the display shows the message COMSEC ?. The user then selects the desired key compartment, sets the selector to WRITE and presses the ACTIVATE button, in order to initiate a key transfer.

As the American KYK-13 key loader was in short supply, Philips developed equivalent devices like the UP-2001 shown on the right. It had 40 key compartments which was a great improvement over the KYK-13, which had just six of them.
  

A larger number of key compartments in a fill device allows keys for different devices or for more days in advance to be carried. As soon as the keys were loaded, the key loader was removed and both the Spendex 40 and the CIK had become a Classified Cryptographic Item (CCI) 1 . Note that the original key was not stored inside the Spendex 40. It was reconstructed when needed by adding the internally stored key to the one stored in the CIK (by means of an XOR operation).

  1. CCI is sometimes defined as Controlled COMSEC Item, which has the same meaning.

Spendex 40 with Philips UP-2001 key filler
Loading the cryptographic keys with a Philips UP-2001 key filler (KYK-13 compatible)
Initiating a key fill
When the key filler is connected, the display reads 'COMSEC ?'.
Spendex 40 with KYK-13 key loader installed
KYK-13 key loading device installed
D
×
D
1 / 6
Spendex 40 with Philips UP-2001 key filler
D
2 / 6
Loading the cryptographic keys with a Philips UP-2001 key filler (KYK-13 compatible)
D
3 / 6
Initiating a key fill
D
4 / 6
When the key filler is connected, the display reads 'COMSEC ?'.
D
5 / 6
Spendex 40 with KYK-13 key loader installed
D
6 / 6
KYK-13 key loading device installed

Connecting a fax
Apart from voice communication, the Spendex 40 was also capable of encrypting and decrypting digital (computer) data through the internal modem, or an externally connected modem at speeds up to 4800 baud. For this, the DB25/F connector at the left side of the front panel is available.

The data port has a serial (RS-232) interface that can be used for the connection of a personal computer or a similar data device such as a fax.

The image on the right shows a standard Canon fax unit of the early 1980s connected to the DB25 socket on the left side of the Spendex-40. The image was taken from a stock photo [7] that appeared in a 6-page brochure at the time [10].

As an alternative, the NSA-approved fax unit Cryptek TS-40 could also be used [2]. It was a plain paper laser fax that complied with NSA TEMPEST Level I standards. Neither of the fax units discussed here are available anymore.
  

A facsimile machine (fax) was a popular means of sending hand-written documents and images over telephone lines during the 1980s and 90s. Since the internet-revolution, it has gradually been replaced by e-mail. As the Spendex 40 allowed secure transmission of fax-documents, it was also used for the distribution of cryptographic keys, simply by printing them onto an A4-sheet as barcodes. The keys were then transferred to a key loader by means of a barcode reader.

Spendex-40 with a fax connected and the handset off-hook
Connections at the left: handset and printer/fax
Key-fill device with barcode pen
E
×
E
1 / 3
Spendex-40 with a fax connected and the handset off-hook
E
2 / 3
Connections at the left: handset and printer/fax
E
3 / 3
Key-fill device with barcode pen

Backup battery
The keys, stored in the memory (CMOS RAM) of the Spendex 40, are retained by a backup battery. For this purpose, a long-life 3.6V Lithium cell is used. It has the shape of a common AA-size battery and is accessible from the rear of the device, by removing a small panel at the right.

The battery compartment can be opened by removing 4 hex-bolts, as shown in the image on the right. The battery itself can be removed by pulling its white cloth jacket (images below).

Suitable replacement batteries are available from a variety of sources, such as Tadiran (TL-5104) and Conrad Elektronik in Germany. The latter offers batteries from manufacturer EVE (Energy Very Endure) for about EUR 4.99 (order number 650773-89) and Emmerich (651244-89). Note that standard 1.5V penlight batteries can not be used as they do not deliver the required voltage.
  

When the battery is fully exhausted, or when it has been removed from the device for more than a few seconds, the internal settings of the phone will be lost. This might render the phone useless, especially when the internal modem is used (which is nearly always the case), as it defaults to using an external modem. Should that happen, the initial setup procedure must be carried out.

Open battery compartment
Pulling the battery
Removing the battery
3.6V Lithium backup battery
3.6V Lithium backup battery
F
×
F
1 / 5
Open battery compartment
F
2 / 5
Pulling the battery
F
3 / 5
Removing the battery
F
4 / 5
3.6V Lithium backup battery
F
5 / 5
3.6V Lithium backup battery

History
Spendex 40 was one of the first secure voice terminals that used an LPC-10 vocoder for speech digitization [6]. LPC or Linear Predictive Coding was a high-quality vocoder, developed by the US Department of Defense for use by NATO. It is also known as FS-1015 and as STANAG-4198.

Although LPC-10 encoding became rather common in later years, its implementation was by no means easy at the time Spendex 40 was developed. The LPC-10 unit inside the Spendex 40, was developed in collaboration with Philips Research (NatLab) in Eindhoven (Netherlands). It needed five NEC DSPs 1 of the first generation. Reliability and speech quality was reported to be better than on comparable systems like the much larger American STU-II, which was also used by NATO.

As far as we know, Spendex 40 was the first non-US/UK device to be licenced to implement the highly secure GCHQ/NSA-developed SAVILLE cryptographic algorithm [3]. As SAVILLE is an extremely complex algorithm, it was considered too difficult for implementation in software [8].

Philips therefore developed its own crypto-chip called the OQ4430. It is shown in the image on the right. The same chip was also used in the military Spendex 50 secure voice terminal. Three of these crypto-chips are used in each Spendex device: 1 for reception and 2 for transmission. 2
  

Spendex 40 was arguably the most secure voice and data terminal at the time. It was approved for use by the US Government at the highest possible level (NSA Type 1) and was also used by NATO and by the German government. It was one of the smallest Type 1 devices at the time.

Rumour has it that NSA officials were 'shocked' when they saw the first Spendex 40 prototype in action. It was so much smaller than the American STU-II and yet its speech quality was so much better [5]. Motorola later developed the STU-II/B, that was intended as a replacement for all STU-II compatible devices, including the Spendex 40. It was much smaller and had improved speech quality (using Motorola's own DSP technology) but came nearly 10 years after the Spendex 40.

It is also rumoured that Spendex 40 played an important role before, during and after the fall of the Berlin Wall in 1989, when West-German Authorities used it for secure voice communication [5]. It was assumed that foreign secret services were unable to break the SAVILLE encryption.

  1. Two NEC DSPs were used for the speech analyzer, whilst three were needed for the speech synthesizer.
  2. Two crypto units are used for transmission in order to provide a fail-safe system. The output of the two units is constantly monitored and compared, raising an alarm when they are no longer identical.

Interior
The Spendex 40 is an extremely robust device that was clearly intended for military use. The unit is hermetically sealed with a large number of hex bolts in order to prevent unwanted emission of RF signals (TEMPEST). The interior can be access from the rear (PSU) and from the top (crypto).

The die-cast aluminium case consist of several compartments that are interconnected by means of filtered lines. There are compartments at the rear, the front the side and at the top. The front panel contains the user controls and connections and is bolted to the front of the main enclosure.

The compartments at the rear can be accessed by removing 14 hex bolts from the rear panel, as shown in the image on the right. At the left is the power supply (PSU) with the transformer just visible. The (telephone) line interface is at the right, with the filters mounted to the rear panel.
  

The filters are necessary to prevent unwanted leakage of information. For the same reason, a metal gasket is present in between the main case and the rear panel. The block at the bottom right contains the backup battery (see below). The most interesting compartment is at the top.

It can be accessed by removing the handset assembly and the (sealed) top lid. The image on the right shows the contents of the crypto compartment as seen from the top. There are 7 PCBs that are slotted into a backplane at the bottom. A microswitch on card number 3 acts as tamper-detection. When the top panel is lifted, all cryptographic keys are destroyed instantly.

The two flying wires at the left are normally connected to a reed-switch that is mounted to the top panel. It acts as the off-hook switch and is activated by a magnet in the handset cradle.
  

The boards are listed below. Six of the seven PCBs are mounted together in pairs. Although each PCB has is own connection to the backplane, they should always be removed together. The first two PCBs at the front are 'locked' in between metal panels in order to provide sufficient cooling for the special chips that are used for speech analysis and synthesis. Parts of these two boards were developed in close collaboration between Philips Usfa and Philips' NatLab (Philips Research).

Rear view of Spendex 40
Spendex 40 interior (rear view)
Looking into the rear compartment of the Spendex 40
Top lid of crypto compartment
Sealed crypto compartment
Crypto compartment. Each PCB is identified with a white label (in Dutch)
Three custom crypto processors
Display showing 'ALARM' as the crypto compartment has been opened
G
×
G
1 / 8
Rear view of Spendex 40
G
2 / 8
Spendex 40 interior (rear view)
G
3 / 8
Looking into the rear compartment of the Spendex 40
G
4 / 8
Top lid of crypto compartment
G
5 / 8
Sealed crypto compartment
G
6 / 8
Crypto compartment. Each PCB is identified with a white label (in Dutch)
G
7 / 8
Three custom crypto processors
G
8 / 8
Display showing 'ALARM' as the crypto compartment has been opened

Crypto heart
Inside the crypto compartment are the following PCBs. Detailed photographs of each board at the bottom of this section.
  1. UA-8323/00 Speech synthesis board
  2. UA-8322/00 Speech analysis board
  3. UA-8321/00 Key memory board
  4. UA-8320/00 Key generator
  5. UA-8319/00 Control board
  6. UA-8318/00 Timing board
  7. UA-8317/00 Telephony board
  

Board number 4 — key generator — is the actual crypto logic, or crypto heart. It contains three OQ4430 crypto processors that were developed by Philips especially for this purpose. They are used for the implementation of the SAVILLE algorithm. The same chips are used in the Spendex 50. As it is a full-duplex system, three chips are necessary, one of which was used for reception. The other two were used for transmission, raising an alarm if their outputs were not identical.

Boards (1) and (2) are technically the most advanced for the era. For development of the speech analyzer and the speech synthesizer, a number of first-generation DSPs have been used. Spendex 40 was one of the very first devices to use the NEC µPD77P20D DSP.

The speech analyzer contains two such DSPs, whilst the speech synthesizer uses three of them, plus a OQ4422 custom chip. The two circuit boards are sandwiched together and are clamped in between a series of copper springs that keep them in place and provide cooling.
  

Apart from providing cooling and clamping, the springs probably provide some extra shielding (ground) for the DSPs as well. The speech synthesis board also contains an Intel 8085 processor with firmware in a 32K EPROM. The function of the OQ4422 custom chip is currently unknown.

Crypto compartment. Each PCB is identified with a white label (in Dutch)
Speech synthesis board
Speech analysis board
Key memory
Key generator (crypto board)
Control board
Timing card
Line interface card
H
×
H
1 / 8
Crypto compartment. Each PCB is identified with a white label (in Dutch)
H
2 / 8
Speech synthesis board
H
3 / 8
Speech analysis board
H
4 / 8
Key memory
H
5 / 8
Key generator (crypto board)
H
6 / 8
Control board
H
7 / 8
Timing card
H
8 / 8
Line interface card

Connections
Fill-gun
At the front panel, to the left of the display, is a 5-pin receptacle for connection of a Key Transfer Device, also known as a FILL gun, such as the KYK-13 and UP-2001. This receptacle for a U-229 connector is wired according to the DS-102 standard.

 U229 connector

  1. Vref (5V)
    [→
  2. Switched ground
    [←
  3. Request
    [⇆
  4. Data
    [⇆
  5. Clock
    [⇆
Crypto Ignition Key (CIK)
At the front panel is an U79/U receptacle for connection of the CIK. Below is the pinout when looking into the receptacle. Pin D (CIK connected) has an internal pull-up to (+5V). It is shorted by the CIK to pin F (ground), to indicate to the terminal that the CIK has been connected.

  1. unused
  2. Clock
    [→
  3. unused
  4. CIK Connected
    [←
  5. Store
    [→
  6. Ground
  7. Data in
    [→
  8. Data out
    [←
  9. Write
    [→
  10. SWV
    [→
Handset
At the left side of the front panel is a threaded 5-pin 240° DIN socket for connection of the handset. Note that the shield of the cable is connected to the shield of the connector. This wire is not shown in the table below. The pinout when looking into this socket is as follows:

  1. TEL1
    [→
    Speaker
  2. TEL2
    [→
    Speaker
  3. Ptt
    [←
    Connected to shield
  4. MIC1
    [←
    Microphone
  5. MIC2
    [←
    Microphone
Data
The Spendex 40 has a DB25/S receptacle for peripheral equipment, such as a fax machine or a personal computer, located at the left side of the front panel, just below the handset socket. The effective data rate is 1200 baud (/00) or 600 baud (/01). The pinout is as follows:

  1. GND
    Protective ground (shield)
  2. TXD
    [←
    Transmit Data
  3. RXD
    [→
    Receive Data
  4. RTS
    [←
    Request To Send
  5. CTS
    [→
    Clear To Send
  6. DSR
    [→
    Data Set Ready
  7. GND
    Signal ground
  8. DCD
    [←
    Data Carrier Detect
  9. GND
    Protective ground (shield)
  10. TXC
    [→
    Transmit Clock
  11. RXC
    [→
    Receive Clock
  12. DSR
    [←
    Data Set Ready
Modem
The Spendex 40 has an internal MODEM for connection to the subscriber line, but by default, the device is configured for use with an external modem, such as a HF radio modem, which should be connected to the DB25/P receptacle at the rear panel. The pinout of this connector is specified below. If the internal modem must be used, the device should be configured accordingly.

  1. GND
    Protective ground (shield)
  2. TXD
    [→
    Transmit Data
  3. RXD
    [←
    Receive Data
  4. RTS
    [→
    Request To Send
  5. CTS
    [←
    Clear To Send
  6. DSR
    [←
    Data Set Ready
  7. GND
    Signal ground
  8. DCD
    [←
    Data Carrier Detect
  9. GND
    Protective ground (shield)
  10. TXC
    [←
    Transmit Clock
  11. RXC
    [←
    Receive Clock
  12. LLB
    [→
    Local Loop-Back
  13. DSR
    [→
    Data Set Ready
  14. GND
    Protective ground (shield)
Telephone line
At the rear panel is a 9-pin DE9/S receptacle for connection of the POTS subscriber line. With the UA-8251/01 version of the Spendex 40 only pin 1 and 2 are used, as this variant is suitable for a 2-wire subscriber line only. In The Netherlands, these wires are known as the A and B lines. With the 4-wire line version (UA-8251/00), pins 1 to 4 are used.

  1. Line in/out 1
    A
  2. Line in/out 2
    B
  3. Line out 1
  4. Line out 2
  5. GND
Specifications
  • Device
    Secure narrowband voice and data terminal
  • Purpose
    STU-II compatible voice and fax communication
  • Model
    Spendex 40
  • Designator
    UA-8251/00, UA-8251/01
  • Year
    1987
  • Manufacturer
    Philips Usfa BV
  • Country
    Netherlands
  • Users
    NATO, PTT, Netherlands Government, German Government
  • CODEC
    LPC-10 (STANAG 4198)
  • Encryption
    NSA Type 1, SAVILLE
  • CIK
    UA-8247 Class. Mod.
  • FILL
    DS-102, U229
  • Line
    Analogue (POTS)
  • Response
    80-3400 Hz
  • Dialling
    Pulse, Tone (DTMF)
  • Precedence
    Priority, Immediate, Flash, Flash Override
  • Modem
    V22bis, V26, V26bis (see below)
  • Speed
    2400 baud
  • Data
    1200 baud (/00), 600 baud (/01)
  • Interface
    CCITT V24/V28, EIA RS232C
  • Backup
    3.6V Lithium battery: Philips UA6303/03, Tadiran TL-5104
  • Power
    Mains 110, 220V AC ± 15%, 47-63 Hz
  • Consumption
    ≤ 45W
  • Fuses
    250V/500mA, 110V/1A
  • Backup
    3.5 — 4.5V (typically 3.9V)
  • Temperature
    -10°C to +50°C, ≤ 95% humidity
  • Storage
    -40°C to +70°C, ≤ 90% humidity
  • EMC
    TEMPEST AMSG-720B, MIL-STD-461B
  • Vibration
    A2, shock A4
  • Dimensions
    385 × 270 × 160 (230) mm
  • Weight
    12 kg
Parts
Modem
  • UA-8251/00
    V26/V26bis
    2 or 4-wire
    HD/FD STU-II interoperable
  • UA-8251/01
    V22bis
    2-wire
    HD Not STU-II interoperable
Nomenclature
  • Spendex 40
    Philips model name
  • UA-8251
    Philips designator
  • NBSV-45
    Non-NATO version [3]
  • Spendex-40M
    ?
Documentation
  1. User Manual for UA-8251/00
    9922 154 13051. Philips Usfa BV, 1 July 1988. CM301590.

  2. User Manual for UA-8251/01
    9922 154 13061. Philips Usfa BV, 13 June 1988. CM301591.
     Addendum

  3. Installation and Comsec Manual for UA-8251/00 and /01
    9922 154 12561. Philips Usfa BV, 9 May 1988. CM301592.
     A3 drawings

  4. Limited Maintenance Manual for UA-8251/00 and /01
    9922 154 13431. Philips Usfa BV, 29 September 1988. CM301593.
     A3 drawings

  5. Illustrated Parts List for UA-8251/01
    9922 154 13981. Philips Usfa BV, 20 November 1988. CM301594.

  6. Operating Manual for use on NATO-IVSN system incorporating KDC
    9922 154 12551 Philips Usfa BV, 9 May 1988. CM301595.
     Addendum

  7. Operational COMSEC Doctrine for the Spendex-40 (NU)
    NATO SECAN, 9 October 1989. CM302959.

  8. Bedieningsinstructie Spendex-40 (NATO/IVSN uitvoering)
    Operating instructions SpendeX-40 NATO/IVSN version - (Dutch).
    NATO, January 1990. CM302961.
     Instruction sheet
References
  1. Nationaal Bureau voor Verbindingsbeveiliging (NBV, part of the AIVD),
    List of approved crypto products (Dutch)

    NLNCSA. Retrieved March 2009.

  2. NSA, Cryptek TS-40 secure facsimile unit
    Fax unit approved for use with Spendex 40.

  3. Jane's Military Communications 1986
    ISBN: 0-7106-0824-1

  4. Philips Usfa BV, NBSV 45, Provisional Data Sheet
    Simple black & white leaflet about the NBSV-45 (Spendex 40 M).
    9922 154 12401. Date unknown.

  5. Anonymous, Using the Spendex 40
    Interview at Crypto Museum. Eindhoven, June 2011.

  6. Wikipedia, LPC-10 Vocoder
    FS-1015 standard. Retrieved July 2011.

  7. Philips Usfa/Crypto, Spendex 40 stock photographs
    Crypto Museum Photo Archive. CM300631.

  8. Crypto Museum, The SAVILLE Algorithm
    Interview with former cryptographer at Crypto Museum, December 2011.

  9. NEC Electronics Inc., µPD77C20, 7720A, 77P20 Digital Signal Processors
    First commercial DSP chip used in Spendex 40. 1980. Retrieved March 2012.

  10. Philips Usfa BV, Narrow Band Secure Voice Equipment Spendex 40
    Spendex 40 Brochure (copy) 9922 154 12443. 1987.
Further information
Any links shown in red are currently unavailable. If you like the information on this website, why not make a donation?
© Crypto Museum. Created: Saturday 06 February 2010. Last changed: Sunday, 12 May 2024 - 08:41 CET.
Click for homepage