Click for homepage
← Thales
TCE-621/M   Cryptel-IP
Mobile IP Encryptor

The TCE-6217M is a mobile IP encryption device, developed by Thales in Oslo (Norway) around 2012 for use by NATO at all levels of secrecy, including COSMIC TOP SECRET. It is currently (2014) the dominant NATO IP Crypto Equipment (NICE). It provides end-to-end security to the IP protocol and is interoperable with all members of the TCE-621 Cryptel-IP family including the TCE-621/B. The TCE-621/M is also known as MINP.

The image on the right shows a typical TCE-621/M as it was used by NATO for instruction. The device measures just 160 x 44 x 120 mm and has all connections at the front. At the center of the front panel is the MODE switch, which acts as the power switch, but is also used for ereasing the crypto variables (ZEROIZING).

The TCE-621/M provides full RED/BLACK separation. The left half of the device deals with the BLACK side (i.e. the outside world) and loading of the key material, whilst the right half is for the RED side (i.e. the internal network).

The TCE-621/M allows any 10/100 Mbps IP-based network to be secured. The BLACK side also supports USB 2.0 and, via an adapter, legacy RS232. In addition, an optical interface can be added to the RED side. The devices can be managed from the TCE-671 Management Centre.

TCE-621/M with protective covers over the connectors Front view of the TCE-621/M Keypad on top of the device Top view of the TCE-621/M Zeroize knob Zeroizing the TCE-621/M
1 / 7
TCE-621/M with protective covers over the connectors
2 / 7
2 / 7
3 / 7
Front view of the TCE-621/M
4 / 7
Keypad on top of the device
5 / 7
Top view of the TCE-621/M
6 / 7
Zeroize knob
7 / 7
Zeroizing the TCE-621/M


The TCE-621/M uses a distributed key, which is loaded into the device by means of a special key transfer devices that is connected to the 3rd socket at the front panel. The device can only be operated when a valid and properly initialized Crypto Ignition Key (CIK) is present at the front.

In case security is compromised, the keys can be destroyed quickly by pulling the black knob at the center of the device outwards, and rotating it clockwise to the E setting, as shown in the image. This procedure is called ZEROIZING.

For data encryption the user has the choice between a proprietary NATO NICE algorithm known as EINRIDE, and the public key based AES algorithm. The cryptographic keys are loaded into the device by means of a KOI-18 or a DTD-compatible device [2].
Zeroizing the TCE-621/M

  • Designed for NATO secret traffic
  • NATO Type A algorithm (Einride)
  • NATO Type B algorithm (AES)
  • Vectorized AES (allowing customized vector)
  • Removable CIK
  • 10/100 Mbps ethernet
  • IPv4 and IPv6 compatible
  • PPP support (black side)
  • USB 2.0
  • RS232 (via USB adapter)
  • Key fill via DS-101 (DTD) or DS-102 (KOI-18) protocol
  • ISO 7816 smart card
  1. Thales, TCE-321/M
    Date unknown. Retrieved April 2014.

  2. NATO IACD, TCE 621/M
    Retrieved April 2014.

  3. Thales, TCE-321/M NATO approved mobile IP encryptor
    Date unknown. Retrieved May 2015.
Further information
Any links shown in red are currently unavailable. If you like the information on this website, why not make a donation?
Crypto Museum. Created: Wednesday 02 April 2014. Last changed: Saturday, 24 February 2018 - 21:25 CET.
Click for homepage