Homepage
Crypto
Index
Glossary
Enigma
Hagelin
Fialka
Nema
AT&T
Datotek
Gretag
HELL
ITT
Motorola
Mils
OMI
Philips
Racal
Siemens
STK
Tadiran
Telsy
Teltron
Transvertex
TST
USA
USSR
UK
Yugoslavia
Voice
Hand
OTP
EMU
Mixers
Phones
FILL
Codebooks
Algorithms
Spy radio
Burst encoders
Intercept
Covert
Radio
PC
Telex
People
Agencies
Manufacturers
• • • Donate • • •
Kits
Shop
News
Events
Wanted
Contact
About
Links
   Logo (click for homepage)
V-Kaart
Computer security for the Dutch Government - wanted item

V-Kaart (later: C-Kaart) was a hardware-based encryption and decryption solution for Personal Computers (PC) en computer networks, developed by Philips Crypto BV for the Dutch government. The project was initiated in 1994 and developement of the V-card started in 1997. Six years later the project was cancelled and V-card was never taken into production. Eventually, in 2003, Dutch crypto company Fox-IT would buy the legacy and successfully sell it as Fort Fox File Encryptor. V-kaart is also known as UP-6451, VKC (V-Kaart-Card) and by its NC number 4322 085 05151.
 
V-Kaart was intended for use by the Dutch Goverment, as a replacement for the rather large and aging AROFLEX. Based on experiences with the successful MDT-project for the Eindhoven Police Department, it was decided to implement the card as a PCMCIA module. This would allow it to be used easily in modern laptops.

Development of the card started in 1997 and was estimated to take 2 years. It was supposed to be available in two versions: for stand-alone PCs (version 1) and for networked computers (version 2). Version 1 would be developed first.
  
Philips V-kaart (V-card)

The product would be built around the so-called GCD-Φ chip that was developed as part of the project. In late 2001 however, after a series of field tests and redesigns, the government pulled the plug. Although strickly speaking Philips had delivered what was ordered, the circumstances and requirements had changed by the time the first prototype was ready. It would be Philips Crypto's last project. In 2003, after a series of reorganisations, the company closed its doors.
 
Philips V-kaart (V-card) Philips V-kaart (V-card) Philips V-kaart encryption card with personal key card Personal key card (smart card) for the V-kaart encryption card Smart card belonging to the V-kaart Rear side of the V-kaart Rear side of the V-kaart Rear side of the V-kaart

 
Development
Although the contract with the Dutch Government for the development of the V-kaart was signed in July 1997, the actual development of the necessary crypto chips had started back in 1994, when Philips took part in the development of the so-called General Crypto Device (GCD).
 
The GCD was developed in co-operation with SECAN in Braunschweig (Germany). Although it contained the building blocks for implementing modern cryptographic algorithms, such as DES and Tripple-DES, it was not suitable for TOP SECRET (Dutch: Stg. Geheim) applications.

Nevertheless, it allowed Philips to quickly create a working prototype and start development of the necessary hardware and software. The image on the right shows the very first test PCB with all components that were required for the V-kaart. It became operational in November 1997 [11].
  
Test board of the V-kaart with GCD chip

The test card contained the GCD chip, two Field Programmable Gate Arrays (FPGA), a memory chip, a flash-memory holding the firmware and a real-time clock. Each chip is surrounded by numerous test pins. The double blue connector simulates the PCMCIA connector of the future V-kaart. At the bottom right is an RS-232 port that was used for debugging during development of the firmware. Although the test card allowed Philips engineers to functionally test the GCD chip and the FPGAs, it could not run at full speed as the bottom side was completely hand-wired.
 
The next stage of the development involved shrinking the design to the size of a PCMCIA card. As the chips had already been functionally verified with the test card above, it was decided to go straight to a functional PCMCIA card.

The result is shown on the right. It is a thin PCB with components at both sides. As space - and especially height - is rather limited inside a PCMCIA card, a smaller package of the GCD chip was used. The image on the right shows the side of the PCB where the GCD chip is located. The black chip at the top left is one of the FPGAs.
  
First prototype V-kaart (with GCD chip)

The narrow chip at the front is a flash memory device that contains the firmware for the GCD. A lithium battery is mounted inside a hole in the PCB. It is used to retain the cryptographic material when the device is powered down. At the other side of the PCB is the second FPGA and the RAM memory. Both FPGAs are QL2009 from the Quick Logic family of high-speed high-security one-time-programmable (OTP) gate arrays. The prototype shown above became operational in March 1998, just four months after the first test card and only 9 months after the order was signed.
 
The GCD-chip was later replaced by the GCD-Φ chip when it became available. Eventually, the product evolved into the V-kaart shown on the right. As V-kaart was implemented as a PCMCIA card, it could be used directly in most laptop PCs of the era. When used in a desktop PC, a suitable adapter card (interface) had to be used.

Depending on the application, security could be increased by adding a smart card that contained a personal code, much like a Crypto Ignition Key (CIK). In order to use the software, the personal key card had to be inserted into a card reader.
  
Philips V-kaart (V-card)

After several updates of the firmware and the software, the project was cancelled by the Dutch Government in 2000, as it couldn't match the ever increasing demands of the Department of Defence (DoD). An adapted version of the V-kaart, called S-card (see below) was later released successfully to the Belgian Government, followed sometime later by the so-called C-card for the Dutch Government. Although the software for the latter two was different, they were based on the same (V-kaart) hardware. The C-card was later re-released as the FFFE by Fox-IT (see below).
 
Test board of the V-kaart with GCD chip Bottom side of the test card showing the hand-wired connections Close-up of the wiring at the bottom side Close-up of the GCD (crypto) chip The various development stages First prototype V-kaart (with GCD chip) First prototype V-kaart Recessed reset button

 
History
The project started in 1994 after the new Information Security Act came into effect [1] in The Netherlands. It made each department of the Dutch government responsible for its own information security. The Ministry of Defence, Home Affairs, Foreign Affairs and Justice decided to have an encryption card that would be suitable for Secret and Top Secret information.

Before this decision was made, a feasibility study was conducted by the NBV and Philips Crypto. The combined approach of the four ministries had the advantage that the development cost could be shared and that it would enable secure interdepartemental communication. For reasons of security it was decided that the card would be developed in The Netherlands [2].

Contract
The contract with Philips Crypto was signed on 2 July 1997 and the Department of Defence (DoD) would act as the official client. The total development cost was estimated at NLG 14.5 million (approx. EUR 6.6 million), of which each department would contribute as follows [2]:
 
  • Defence: 8.8 million
  • Home Affairs 3.1 million
  • Justice: 2.1 million
  • Foreign Affairs 0.5 million
For this, Philips would develop two variants:
 
  • Stand-alone version
  • Network version
They would also study the feasibility of creating Secure Private Networks, by means of the the so-called VPN-Guard, for which the development order was signed in November 1997 [7]. The most important customer of the V-kaart would be the DoD, who was also responsible for the functional specification. Development would take place in several stages, each of which would be evaluated by Philips, the DoD, the NBV and TNO/FEL.

Flying start
Initially, the project took off rather well. After just five months, the first test board was working, and another four month later the first prototype, based on the older GCD-chip, was implemented as a PCMCIA card. In the next stage, the new GCD-Φ chip was incorporated into the design.

Delays
In late 1998, Philips Crypto announced a delay of approximately half a year, because software development took more time then anticipated. Around the same time, an investigation showed that the network version had important shortcomings and would not match with the DoDs network procedures. It was then decided to concentrate on the stand-alone version first.

Passport
The project was delayed several times and even caused delays with the development of the new Dutch passport. In November 2000 it was announced that the new passport would not be ready at the planned introduction date of 2 april 2001 [9]. They had hoped to be able to use the network version of the V-kaart for secure distribution of the sensitive data, but instead had to develop there own solution now. This even led to questions in Parliament [10].

Termination
During the 2nd half of 2000, the stand-alone version was tested under various circumstances. Ciphering and deciphering of files worked as expected, but both the NBV and TNO discovered vulnerabilities in the card's security. Fixing these security issues would require another design-round, with no guarantee for success. The fact that the card was only suitable for stand-alone applications, plus the fact that the use of computer networks had increased drastically since the start of the project, led to the decision to terminate the project in late 2001 [3].

Although the Dutch government considered filing a claim against Philips for the fact that they had not delivered, they never did. Stricktly speaking, Philips had delivered what was ordered and it was not their fault that the market had changed and that the customer, the DoD, kept changing the functional specification. By the time the product was finished, it had become obsolete.
 
S-Card
Once the V-kaart project was terminated, Philips decided to develop a series of new products that would be based on the V-kaart experience. The first product that was released, was a security card for the Belgian Government: the UP-1351.

The card was designated Special-Card, or S-card and the hardware was identical to V-kaart. The image on the right shows the personal key card (UP-1303) that was used with S-card.
  

 
C-Card
Another product that was derived from V-kaart, was the so-called Crypto-Card or C-Card. Again, the hardware was identical to V-kaart, but the software was rewritten in order to meet the requirements of the Dutch Government. It was given the internal designator UP-6461 and the functional demands of the DoD were dropped in this project. Although there were several set-backs, C-card was nearly finished by the time Philips Crypto closed its doors in 2003. It was later bought by Fox-IT and, after another revision, became known as FFFE (see below).
 
Fox-IT
After the demise of Philips Crypto in 2003, crypto company Fox-IT in Delft (Netherlands) bought part of the Philips legacy, including the C-card and V-kaart development, but also the GCD-Φ and GCD-Φ 2000 chips. After a few alterations to the hardware and a full rewrite of the software, they successfully implemented the concept as a PCMCIA card. The new product was called Fort Fox File Encryptor (FFFE) and was approved for information up to State Secret (Secret) level [4].

At the time, PCMCIA slots were available on most portable PCs (laptops), making installation of the FFFE very easy. For desktop machines, a suitable PCMCIA card adapter had to be installed. FFFE crypto cards were still in use within the Dutch Government in 2011. As the PCMCIA interface is no longer available on modern laptops, the FFFE card was phased out in 2012 and has now been succeeded by newer products such as the Red Fox File Encryptor [6].
 
Compumatica
Two other Philips encryption products that used the same GCD-Φ encryption chip were the Local Area Network Guard (LanGuard) and a 2Mb/s Link Encryption System (PLDX). After the demise of Philips Crypto BV in 2003, these two products were taken over by Dutch crypto company Compumatica in Uden (Netherlands) [8]. The products were incoporated with Compumatica's CryptoGuard VPN product line.
 
Similar products
  • Fortezza Crypto Card
    Fortezza is the name of a range of PCMCIA cryptographic cards that are used with a series of American cryptographic products, such as the Secure Terminal Equipment (STE).

  • Hagelin HCM-2000 Security Module
    Some Hagelin products use the HCM-2000 Security Module, which is in fact a PCMCIA card with Crypto AG's proprietary cryptographic processor. It is used in products like the HC-2203 phone encryptor.

  • MDT crypto card
    The MDT card was a high-end encryption card in the shape of a PCMCIA card that was developed by Philips Crypto BV for use with the Motorola MDT-9100 Mobile Data Terminal of the Eindhoven Police Department.

Fortezza crypto card as used with the STE Hagelin HCM-2000 Security Module MDT Crypto Card for Motorola MDT-9100 Mobile Data Terminal
MDT

 
Related products

 
Designator Description Remark  
UP 1351 S-Kaart Belgium government  
UP 6451 V-Kaart Initial project (Dutch Government and DoD)  
UP 6461 C-Kaart Dutch government  

 
References
  1. Voorschrift Informatiebeveiliging Rijksoverheid (VIR94)
    Dutch government. 1994.

  2. Tweede Kamer der Staten-Generaal, Defence budget for 1997 (Dutch)
    Vaststelling van de begroting van de uitgaven en ontvangsten van het Ministerie van Defensie (X) voor het jaar 1997. Vergaderjaar 1996-1997, 25000 X, nr. 93.
    1 July 1997. 7K2364. ISSN 0921-7371.

  3. Tweede Kamer der Staten-Generaal, Defence budget for 2002 (Dutch)
    Vaststelling van de begroting van de uitgaven en ontvangsten van het Ministerie van Defensie (X) voor het jaar 2002. Vergaderjaar 2001-2002, 28000 X, nr. 6.
    17 October 2001. KST56292. ISSN 0921-7371.

  4. Fox-IT, Fort Fox File Encryptor (FFFE card)
    2-page productsheet, retrieved 15 september 2011.

  5. NRC Handelsblad, Crypto-chip Red Fox... (Dutch)
    Crypto-chip RedFox gebruikt algoritmes om data te versleutelen en veilig te verzenden.
    1 December 2005. Retrieved July 2012.

  6. Fox-IT, RedFox Crypto chip
    Fox-IT website. Retrieved July 2012.

  7. Ing BJ van Maaren en Lkol MC van Riemsdijk MBT, De Kwaliteit van de Informatievoorziening, De juiste informatie op de juiste tijd en de juiste plaats.
    Intercom 2001-4, pp. 28-31.

  8. Compumatica, Company Profile
    Retrieved May 2012.

  9. Computable, Nieuw paspoort wederom vertraagd
    17 November 2000. Retrieved May 2012.

  10. Tweede Kamer der Staten-Generaal, Questions and Answers about the New Passport
    Vergaderjaar 2000-2001, 25764, Reisdocumenten, Nr. 15. Verslag van Algemeen Overleg, p. 2 (Dutch). 6 February 2001. KST51317. ISSN 0921-7371.

  11. Interview with anonymous former Philips Crypto engineer
    Crypto Museum, November 2012.

  12. Quick Logic, QL2009 Datasheet
    Rev. C. Date unknown. Retrieved November 2012.

Further information

Any links shown in red are currently unavailable. If you like the information on this website, why not make a donation?
Crypto Museum. Last changed: Monday, 04 November 2013 - 12:59 CET.
Click for homepage