Philips PFDX
Fax encryptor

The PFDX was an electronic encryption unit for the protection of facsimile lines (fax), developed by Philips Crypto in the late 1980s. The device was intended for the professional market, such as the police, large corporations, the Department of Defense and the government. The PFDX was also sold as a rebadged product by Mils Elektronik (Austria), where it was called Fax Encryptor.
The PFDX was suitable for the protection of any common (analogue) facsimile machine, and was connected directly between the fax and the line. For protection and authentication, a smart card with matching PIN code is used. The smart card is inserted into the slot at the bottom left, whilst the PIN code is entered on the numeric keypad.

The device is based on the same encryption technology as its 'sister' device, the PNVX crypto phone, featuring the same crypto card or crypto heart, with Philips' in-house developed crypto-processors of which 3 variants were available.
PFDX front panel

Depending on the customer, a different type of crypto heart (and hence a different crypto chip) was issued. The one shown in the image above is the PFDX 2035, which was available to certain civil users. A special variant, the PFDX 6335, was available for use by the Dutch Government. For oil giant Shell, a special version protected by a physical key and a metal cover was developed [C].

After the demise of Philips Crypto in 2003, most PFDX units remained in use for many years, along with the complementary PNVX crypto phones. After the Dutch government telecom security authority NBV proposed to revoke the approval of the PFDX on 1 July 2008 [1], a number of users objected. As a result, PFDX was used well beyond its technical life, in some cases as late as 2012.

Operation of the PFDX is relatively simple. Before use, the user inserts his personal smart card and enters his Personal Identification Number (PIN) on the numeric keypad at the right. Once the PIN is accepted, the unit enters crypto/standby mode. The keypad is not used for entering the addressee's phone number; this is done on the fax machine itself. By default the PFDX works in CRYPTO mode, but it is possible to send fax messages in plain mode by pressing the PLAIN key.

PFDX front panel.

Once a fax is sent, the unit always returns to CRYPTO mode, so that the next message can never accidentally be sent in plain mode. The grey program keys are for testing and error diagnostics. The current status is always shown on the display, along with the name of the card holder. After switching the unit ON, it first performs a Built-In Self Test (BITE). In addition to this, the user can also run a performance test from the keypad, by accessing the test menu via the grey MENU key.

PFDX rear panel.

The rear panel contains the ON/OFF switch and three sockets for connection to the outside world. The mains power inlet is at the right and is suitable for the 220V AC mains. Along the bottom edge, two RJ-11 sockets are available for connection to the fax machine and the telephone line respectively. Customised adapters were used for connection to the local public switched network.

For encryption and decryption of the fax data, Philips' own in-house developed crypto processors were used. With these crypto chips, a stream cipher was created in which a key stream was added to the data stream by means of modulo-2 addition (XOR). The key stream generator takes a 120 bit cryptographic key (> 10^38 keys) and has a cycle length (crypto period) of > 10,000 years.

For key management, a hierarchical matrix system was used, in which a maximum of 2000 users could be assigned to a single group. The keys were stored on a so-called TB-100 smart card that was issued to each user along with a PIN code¹ for verification and activation. The unit offers peer entity authentication, which guarantees (provided that the user's authorisation succeeds at both ends) that the other party is actually who he or she claims to be.
  1. PIN = Personal Identification Number.

Block diagram
Although the PFDX may seem a simple device at first sight, in reality it is not. The simplified block diagram below shows what is happening under the bonnet [2]. The existing fax is connected at the right, whilst the telephone line is at the left. At both ends, suitable MODEMs convert between analogue and digital signals. As the fax protocol works in both directions (the fax machine can be the sender and the recipient), each side has its own fax protocol detector. At the line-end this is also used as the sync-detector which is responsible for synchronisation with the data stream.

During initialisation and when establishing a connection, the modems transfer data (half duplex) at 300 baud. Once the connection is established, the actual fax data is transferred at 2400, 4800, 7200 or 9600 baud, depending on the equipment at the other end and the quality of the line.

PFDX block diagram

Under control of the CPU, the relevant data packets are extracted from and inserted into the data stream without affecting or altering the actual fax protocol. This means that only the actual data bits (i.e. the scanned information) are encrypted. The PFDX is only suitable for encryption of Group 3 Fax information. Group 2 fax signals and voice data are passed unencrypted (if the unit is configured to do so). In the latter case, both ends are connected through the bypass switch.
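The following sketch is an added example, not Philips code and not part of the original page. It shows the two ideas described above: modulo-2 addition of a key stream to the image data only, with protocol frames passed through untouched, and the reason both ends must stay synchronised. SHAKE-256 stands in for the undisclosed key stream generator, and the frame names and payloads are constructed.

```python
import hashlib

KEY_BYTES = 15  # 120-bit key, as stated for the PFDX key stream generator


def keystream(key: bytes, offset: int, length: int) -> bytes:
    """Stand-in key stream generator (SHAKE-256), NOT the Philips algorithm."""
    if len(key) != KEY_BYTES:
        raise ValueError("key must be 120 bits (15 bytes)")
    return hashlib.shake_256(key).digest(offset + length)[offset:]


def xor_bytes(data: bytes, ks: bytes) -> bytes:
    """Modulo-2 addition of the data stream and the key stream."""
    return bytes(d ^ k for d, k in zip(data, ks))


def process(frames, key, crypto=True, offset=0):
    """Pass control frames through untouched; XOR only image-data frames.

    The same call encrypts and decrypts. `offset` is the position in the
    key stream, which both ends must share (synchronisation).
    """
    out = []
    for kind, payload in frames:
        if kind == "data" and crypto:
            payload = xor_bytes(payload, keystream(key, offset, len(payload)))
            offset += len(payload)
        out.append((kind, payload))
    return out


# Constructed sample session: the control frame names are borrowed from
# Group 3 (T.30) signalling as an assumption; payloads are made-up bytes.
KEY = bytes(range(KEY_BYTES))
SESSION = [
    ("control", b"DIS"),
    ("control", b"DCS"),
    ("data", b"scan line 1"),
    ("data", b"scan line 2"),
    ("control", b"EOP"),
]

if __name__ == "__main__":
    line = process(SESSION, KEY)                  # what goes onto the line
    for kind, payload in line:
        print(kind, payload.hex() if kind == "data" else payload)
    print(process(line, KEY) == SESSION)          # receiver in sync
    print(process(line[3:], KEY) == SESSION[3:])  # first data frame missed
```

A receiver that misses one data frame applies the wrong part of the key stream to everything that follows, which is why the line side of the unit needs a sync detector.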

In order to avoid sending confidential information in plain mode accidentally, an alarm is raised when the unit is unable to establish a Group 3 fax connection or when synchronisation is lost and repeated attempts to re-synchronize have failed. The user may then take appropriate action.
The interior of the PFDX can easily be accessed by removing two hex bolts from the bottom and two normal bolts from the rear. In order to avoid tampering, the leftmost bolt at the rear can only be accessed after a lead seal has been broken. This is done as a tamper-evident safety measure.
Once the 4 bolts have been removed, the entire interior can be removed from the front of the case. The PFDX consists of three functional modules: an interface board (I/F) (the largest PCB), a crypto board (mounted on top of the I/F) and a front panel with LCD display and controls.

All parts are connected to the crypto board which also holds the mains power supply unit (PSU). After disconnecting 4 flat cable connectors from the crypto board, the latter can be folded away, exposing the full interior. The I/F board holds the front and rear panels together.
Line interfaces

The interface board holds the two line interfaces (to the fax machine and to the analogue phone line or PABX), each of which consists of a high-quality line transformer and a Rockwell-based fax modem chip. For control of the modems, the board has its own microprocessor, with suitable firmware and memory. The physical connection to the outside lines is by means of small line modules made by MBLE in Belgium, that adapt the PFDX to the local RJ-11 connection standard.
The crypto board is mounted on 4 supporting posts held by the I/F board. It has components on both sides: all conventional through-hole components at the top, and all SMD components at the bottom. This board also holds the PSU.

The crypto board contains two microprocessors: one for the card reader and one for the overall control of the device. The latter controls the front panel and the two line interfaces on the I/F board. Each processor has its own memory and firmware. The SMD circuits at the bottom are for synchronisation and framing detection/control.
Crypto heart

The actual crypto heart is shown in the image above. It is mounted on 4 short mounting posts, just in front of the PSU, and consists of a small PCB that holds the actual crypto chips (ASIC), two CPLDs and an 8051 processor. As this was a controlled item, the electronics are housed in a black tamper-proof package. In the PFDX featured here, two Philips OQ4435 crypto chips were used.
The components inside the black enclosure are covered in blue hardened epoxy and cannot be accessed without causing permanent damage.

The image on the right shows the interior of the crypto heart that was used in the PFDX 6335, the version used by the Dutch government. It is nearly identical to the sealed black crypto heart shown above, but contains two OQ4436 crypto chips instead of OQ4435 used in the PFDX 2035.

Two OQ4436 chips used in the crypto heart of the government version of the PFDX


Crypto Museum is currently looking for one or more TB-100 smart cards and additional PFDX units, so that we can demonstrate a working setup. If you have any PFDX-related items available, please contact us.
The PFDX is known under the following names and designators:
  • PFDX
  • UP 2035
  • Fax Encryptor (Mils)
  • FPE-3 (Shell)
  A. PFDX 2035 leaflet
    9922 154 19191. Philips Crypto BV. 1994.

  B. PFDX brochure (4 pages)
    9922 154 19041. Philips Crypto BV. 1994.

  C. Shell-version of the PFDX
    9955 154 17641. Philips Crypto BV. 1991.

  1. AIVD, NBV Nieuwsbrief December 2006
    December 2006 (Dutch). Retrieved January 2012.

  2. Philips Crypto BV, PFDX 2035 Facsimile Encryption Unit. System Description.
    9922 154 17091. Provisional release, revision E. Date unknown but probably 1990.

Crypto Museum. Last changed: Friday, 08 May 2015 - 15:23 CET.