Click for homepage
← Spendex 40
Philips
Voice
Phone
ZODIAC
    
Spendex 50   UA-8246
Wideband secure voice terminal

Spendex-50 is a military secure digital speech and data terminal, developed in the early 1980s by Philips Usfa in Eindhoven (Netherlands) for the ZODIAC tactical digital integrated communications network of the Dutch Army, where it was known as Digitaal Beveiligd Telefoontoestel 1 TA-5912 or DBT. It is also known by its Philips designator UA-8246 and as NSN 5805-17-055-9132. It features the highly secret SAVILLE encryption algorithm, jointly developed by GCHQ and the NSA.

The device is housed in a ruggedized military-grade die-cast aluminium enclosure. All controls are at the top surface. It has a 16-button key-pad with an 8-character red LED-display directly above it. To the right of the display is a sealed lid below which the ZEROIZE button is located.

At the top-right are the two contact terminals for connection to a 2-wire telephone network. At the bottom right is the power input (24V). The image on the right shows a typical Spendex-50 unit, with a Crypto Ignition Key (CIK) installed and the handset locked in place with a rubber strap [1].
  
Right view

Spendex-50 allows secure speech to be sent at 16 or 32 kbits/sec using Delta Modulation (CVSD), under control of the digital exchange. Data can be send in a variety of formats at rates between 2400 and 16000 baud, optionally with Forward Error Correction (FEC). Connection to the outside world is via a 2-wire line interface using Conditioned Diphase Signalling (CDS) with an interwoven data and a signalling path, using Cyclic Permutable Codewords (CPC) [2].

For its time, Spendex-50 was a very advanced piece of equipment. Initially the Dutch Army had ordered 1500 units, but given their high price (approx. 20,000 Euro in 1983) the final order was reduced to a mere 750 units. Spendex-50 entered service in 1987 and was decommissioned in the early 2000s when ZODIAC was replaced by TITAAN. It has since become a very rare find.

  1. DBT = Digitaal Beveiligd Telefoontoestel (Digitally Secured Telephone set).

Spendex 50 with cover
Spendex 50 seated in (reversed) cover
Spendex 50 without handset and CIK
Rear view
Right view
Left view
Spendex 50 with handset and CIK
CIK (classification module)
A
×
A
1 / 8
Spendex 50 with cover
A
2 / 8
Spendex 50 seated in (reversed) cover
A
3 / 8
Spendex 50 without handset and CIK
A
4 / 8
Rear view
A
5 / 8
Right view
A
6 / 8
Left view
A
7 / 8
Spendex 50 with handset and CIK
A
8 / 8
CIK (classification module)

Features
The diagram below gives an overview of the controls and connections on the body of the Spendex 50 telephone set. The device is shown here with the hanset off-hook. The handset is connected to the set by means of a standard U-229 connector, and can also be be replaced by a headset. Just below the U-229 socket is a larger socket for connection of peripheral equipment, such a PC. In practice, this socket was used for connection of a so-called PC TELEX, for sending messages.

Click to see more

To the right of the handset cradle is a 16-button keypad, an alpha-numeric display and several indicators, for communication with the user. Towards the rear are two sockets: a U-229 socket for connection of a FILL gun, and a larger one for connection of the Crypto Ignition Key (CIK). At the left rear are two knobs for controlling the audio volume and the volume of the ringer. At the right side (not visible here) are the power socket and the backup battery (located behind a lid).

Spendex-50 secure terminal
Spendex-50 secure terminal
Lifting the handset
Handset of the Spendex-50
Volume settings
The Crypto Ignition Key (CIK) installed on a Spendex-50
ZEROIZE button
Spendex-50 without handset and CIK (close-up)
B
×
B
1 / 8
Spendex-50 secure terminal
B
2 / 8
Spendex-50 secure terminal
B
3 / 8
Lifting the handset
B
4 / 8
Handset of the Spendex-50
B
5 / 8
Volume settings
B
6 / 8
The Crypto Ignition Key (CIK) installed on a Spendex-50
B
7 / 8
ZEROIZE button
B
8 / 8
Spendex-50 without handset and CIK (close-up)

Connection types
The Spendex 50 was suitable voor (digital voice communication as well as data, with a range of options for the baud-rate and format. Signalling between the terminal and the exchange was done by means of Cyclic Permutable Codewords (CPC). When connected to a line, the following connection types are supported:

  • Dialled connection
    In this case, the terminal has registered itself with the exchange on startup. After picking up the handset, the user can dial the number of the desired party and wait for a secure connection to be established. This is the default mode of operation.

  • Switched hotline
    In this case, the system has been setup in such a way that the terminal will be linked to another terminal in the network, as soon as the handset is lifted. The user is not required to dial the number of the other subscriber.

  • Sole-user circuit
    This option does not require an exchange – or any other supporting equipment – to be present on the line. When connecting a Spendex 50 terminal at either end of a 2-wire telephone line, lifting the handset of one unit is enough to ring the bell at the other end.
Key management
As Public Key Encryption (PKE) was not commonly accepted in the military world in the early 1980s, Spendex-50 used symmetric encryption, with a patented technology for storing and distributing the key pairs [7]. Each Spendex-50 unit was capable of communicating securely with every other Spendex-50 subscriber in the network. For each link, it used a unique set of keys (key pair) that had to be stored in the unit's own memory. If the key-set of one subscriber was compromised, the rest of the network would still be secure.

The problem of storing key-pairs in the unit's memory is two-fold: (1) at the time, large non-volatile memory systems were not generally available and (2) a large number of subscribers would quickly exhaust the available memory.

The first problem was solved by using a 1Mbit bubble memory module that had just become available at the time [8]. The image on the right shows the Memtech – later taken over by Intel – 7110 bubble memory block on a Spendex-50 circuit board. The application of bubble memory introduced a range of other problems however.
  
Bubble-memory (1Mb)

The second problem, storing a large number of key-pairs, was solved by implementing a novel key-distribution system, known as Key-Cube key, or KEY3, that reduced the amount of memory needed for the key-pairs [5]. This system was later patented by the US Philips Corporation [7].

Keys were loaded into the Spendex-50 with a NATO-standard key-fill device, such as the KYK-13. The key-loader was connected to the socket marked CRYPTO towards the rear of the unit.

All keys were stored in the bubble memory in an encrypted form that was unique to the terminal, by using a Key Encryption Key (KEK) that was randomly generated by the terminal. The KEK was partly stored in the Crypto Ignition Key (CIK), and partly in a battery-backed CMOS memory inside the terminal. The KEK was recovered by adding the two key parts with an XOR operation.
  
The Crypto Ignition Key (CIK) installed on a Spendex-50

Once the keys were loaded, the CIK and the terminal were considered paired and classified. With­out that particular CIK the (loaded) terminal would be useless. Using the CIK on another (loaded) Spendex-50 was pointless, as it contains only half the randomly-generated key of the unit it was originally paired with. In case of any emergency, the users were instructed to remove the CIK in order to render the Spendex-50 – and hence the stored keys – useless. They were also instructed to destroy the CIK in case of a compromise, but that was rather difficult, as it was very robust.

For that reason, the Spendex-50 also had a ZEROIZE button that was hidden under a clearly visible sealed red metal flap, marked with the crossed-out word CRYPTO. When security was compromised, the user would lift the flap and press the button in order to erase the key-half stored in the battery-backed CMOS memory.

In practice, keys were often lost, as operators sometimes accidentally pressed the ZEROIZE button. This is why a thin wire with a lead-seal was added to the red flap. The user then had to break the seal first before lifting the flap.
  
ZEROIZE button

It is unclear why the red flap carries the crossed-out word CRYPTO, rather than the more common expression ZEROIZE, but this was probably the way it was specified by the Dutch Department of Defense (DoD). Note that the Spendex-50 uses the secret SAVILLE encryption algorithm, jointly developed by GCHQ and the NSA, that requires 128-bit keys (120 key-bits plus 8-bit checksum).

Bubble-memory (1Mb)
The Crypto Ignition Key (CIK) installed on a Spendex-50
ZEROIZE button
Key-fill device
Key-fill device with barcode pen
Key-fill device
Zeroizing the key-filler
Key-fill device
C
×
C
1 / 8
Bubble-memory (1Mb)
C
2 / 8
The Crypto Ignition Key (CIK) installed on a Spendex-50
C
3 / 8
ZEROIZE button
C
4 / 8
Key-fill device
C
5 / 8
Key-fill device with barcode pen
C
6 / 8
Key-fill device
C
7 / 8
Zeroizing the key-filler
C
8 / 8
Key-fill device




Click to see more

Parts
Spendex 50 voice/data terminal (DBT)
Protective cover
Classification Module (CM) - Crypto Ignition Key (CIK)
CIK
NATO/USA-style handset
Power cable
Keyboard overlay(s)
Key transfer device
Terminal
This is the bare Spendex 50 unit, also known as DBT. It can be used horizontally (desktop) or vertically (wall-mount) and has black rubber strap to hold the handset in place. Power and a 2-wire telephone line are connected at the right, whilst the handset and any peripherals are connected at the left.   
Spendex 50 seated in (reversed) cover

Cover
A metal cover was supplied with each Spendex 50. It is intended for protecting the controls during transport, but can also be used as a mounting base for the device, by placing it at the bottom of the unit, as shown in the image above.

Inside the cover are four rubber straps behind whichthe power cable can be stowed during transport. The cover is constructed in such a way that the connectors on the body of the Spendex 50 can be reached at all times.
  
Metal cover

Classification module
For secure communications (COMSEC) the so-called Crypto Ignition Key, or CIK, should be installed on the terminal. When keys are first loaded, the CIK is filled with a randomly generated key which, along with a randomly generated ZEROISE-key inside the terminal, is used to encrypt the traffic encryption keys.

Once loaded, the CIK is paired with the terminal and can not be used on another terminal. The CIK is cleared when the ZEROISE button is pressed.
  
CIK (classification module)

Handset
Any NATO/USA handset with an U-229 connector and standard wiring, can be used with the Spendex 50. It should be connected to the TFN socket at the left side.

Note that the elements (microphone and speaker) must be of a dynamic type, as the microphone is also used as a (ring) buzzer.
  
Spendex 50 handset

Power cable
Spendex 50 should be powered by a DC voltage between 20 and 32V (typically 24V DC), using the cable shown in the image on the right.

Power was usually supplied by the 24V battery of, say, a tank or truck. For demonstration purposes, we have added a purpose built PSU to the set.
  
Spendex 50 power cable

Keyboard overlay(s)
Spendex 50 has a number of hidden menus that allow its configuration to be changed. As it will be difficult to memorise them, two overlays were available that could be placed over the keypad.

The image on the right shows both overlays, of which the leftmost one is used in COMSEC mode (i.e. with CIK and FILL device installed) whilst the rightmost one is for use in DATA mode.
  
Two different keyboard overlays

Key transfer devices
Key can be loaded into the Spendex 50 by means of various Key Transfer Devices – or FILL guns – such as the ones shown in the image on the right. The only requirement is that it can handle the 128-bit keys of the SAVILLE algorithm.

The most common key fill device was the American KYK-13 (shown at the centre), but others, like the German KSP-1 (left) or Philips's own UP-2001 (right) were also suitable.

 More information

  
Various key-loaders for Spendex 50

Spendex 50 with cover
Metal cover
Spendex 50 seated in (reversed) cover
Two different keyboard overlays
Spendex 50 keypad
Keybaord overlay installed
Spendex 50 with COMSEC keyboard overlay
Spendex 50 with standard keyboard overlay
CIK (classification module)
Connector on the CIK
Various key-loaders for Spendex 50
D
×
D
1 / 11
Spendex 50 with cover
D
2 / 11
Metal cover
D
3 / 11
Spendex 50 seated in (reversed) cover
D
4 / 11
Two different keyboard overlays
D
5 / 11
Spendex 50 keypad
D
6 / 11
Keybaord overlay installed
D
7 / 11
Spendex 50 with COMSEC keyboard overlay
D
8 / 11
Spendex 50 with standard keyboard overlay
D
9 / 11
CIK (classification module)
D
10 / 11
Connector on the CIK
D
11 / 11
Various key-loaders for Spendex 50

Development
Spendex-50 was developed as part of the ZODIAC tactical digital integrated communications network that was used by the Dutch Armed Forces between 1987 and the early 2000s. ZODIAC itself was developed by Philips subsidary Holland Signaal (HSA) in Hengelo (Netherlands), with Philips Telecommunicatie Industrie (PTI) and Philips Usfa as sub-contractors.

Initially, PTI would develop the main Spendex-50 unit (control unit, line interface, power supply, etc.) whilst Usfa would only produce the crypto-unit. However, after a series of problems and miscommunications, Philips Usfa took over the entire development of the unit.

For digitization of speech, the Department of Defense (DoD) had the choice between PCM and Delta Modulation. It was decided that Continuous Variable Slope Delta Modulation (CVSD) produced the best quality speech in noisy environments. Furthermore, it is more error-tolerant than PCM. The terminal was specified to withstand extreme conditions, such as thunder-strikes (EMP). This was particularly important as, at the hight of the Cold War, the enemy was suspected of being capable of producing EMP-blasts by causing a nuclear explosion high up in the air.

EMP-tests were conducted at the FEL-TNO lab in The Hague (Netherlands), where the unit had to survive a 1500 Amp. direct hit on its 2-wire line terminals. The surge-arresters used in the line-interface had done their job and after restarting, the Spendex-50 was still fully operational.

Spendex-50 also had to be able to operate under military temperature conditions, such as extreme heat and extreme cold. All temperature tests were conducted by Philips Usfa themselves is a special climate room. The image on the right shows the Spendex-50 at -40° centigrade.
  
Spendex-50 undergoing a cold test at -40C

As the images of the cold-test were taken around 1983 with an analog camera under poor lighting conditions, their quality is somewhat substandard and blurry. They do show however, that after turning the unit on at -40°C, it was still working. And so it also passed this test.

All military equipment has to be water-proof to some extent. It must withstand rain and in some cases even has to be submersable. Spendex-50 was, of course, no exception to this rule.

Rain tests were usually carried out by Philips Usfa themselves at their premises in Eindhoven. Although hardly any photographic evidence of the work at Philips Usfa has survived, we were very pleased by the donation in 2011 of a series of slides by a former Spendex-developer [1]. The image on the right shows the Spendex-50 undergoing a rain-test in an improvised setup.
  
Spendex-50 water test

Rain tests were usually carried out in Usfa's own backyard, just like they did several years earlier during the development of the Ecolex-X cipher machine. More images of the spendex-50 rain-test below. Like the images of the cold-test, they were taken nearly 30 years ago with an analog camera. Nevertheless, their quality is remarkably good after all these years.

Spendex-50 undergoing a cold test at -40C
Still working at -40C
Still working at -40C
Spendex-50 water test
Spendex-50 water test
Spendex-50 water test
Spendex-50 water test
E
×
E
1 / 7
Spendex-50 undergoing a cold test at -40C
E
2 / 7
Still working at -40C
E
3 / 7
Still working at -40C
E
4 / 7
Spendex-50 water test
E
5 / 7
Spendex-50 water test
E
6 / 7
Spendex-50 water test
E
7 / 7
Spendex-50 water test




Click to see more

Interior
Spendex-50 is housed in a strong die-cast aluminium enclosure in NATO olive green colours, that is accessible from multiple sides as shown in the images below. For safety (EMC/EMP) and security (crypto) reasons, it is highly compartimented, at the bottom as well as at the rear.

The interior of the compartments at the rear side of the device can be accessed by releasing 14 hex bolts at the rear, after which the entire rear panel – including the carrying grip – comes off.

There are four compartment as shown in the image on the right: (1) a highly efficient SMPS (switched-mode power supply) that converts the external 24V DC into the voltages required by the circuitry, (2) telephone line protection by means of gas-filled surge arresters, (3) sockets for the FILL and CIK interfaces with filtering, and (4) handset and peripheral interface terminals.
  
Click to see more

All further electronic circuits are located at the bottom of the unit. Removing the bottom panel provides access to the line interface, the analog sound processing, the CPU, the crypto-heart and the memory. All PCBs, except for the line interface (CDS), are connected to a common backplane.

The bottom section can be accessed by releasing 18 hex bolts at the bottom, after which the panel can be taken off. The image on the right shows a Spendex-50 unit of which the rear and bottom panels have been removed. At the far end is the line interface (CDS) which – for safety reasons – is located in a separate compartment. Also at the far end is a tamper switch, which ensures that all crypto keys are purged when the case is opened.

The largest compartment has room for 10 PCBs – numbered 1 thru 10 – which can be slotted into a backplane. Note that boards 3 and 4 are missing.
  
Perspective view of the interior

In the first prototype, all 10 slots were used. During development however, some of the circuits (and their boards) were redesigned serveral times, as a result of which both the CODEC and the crypto KEY generator – each of which occupied two boards – could each be fitted on a single PCB.

PCB (1) is the Delta Modulator. It holds the AF amplifiers and two purpose-built OQ-2229 Continously Variable Slope Delta Modulators (CVSD), that were manufactured by Philips for internal use only, hence the OQ-numbering.

The entire unit is controlled by a CPU – located on board (8) – that is built around an Intel 8085 processor running at 6 MHz. It is accompanied by 2 EPROMs of 32KB each and 4KB of RAM. Next to the CPU is the bubble memoryboard (9) – in which the actual cryptograpich keys are stored in encrypted form. This board takes a double slot.
  
Close-up of the Delta Modulators

The most interesting part of every cryptographic device is arguably the so-called Crypto-Heart. In the Spendex-50, the crypto-heart takes the form of a single PCB in slot number 5.

The image on the right shows a close-up of one of three OQ-4430 crypto-processors, designed by Philips Usfa. The same chip was used in the Spendex-40. According to the date stamp on the chip, it was manufactured mid-1989. At the time, these chips were classified as confidential.

The crypto-heart contains three more-or-less identical circuits, each built around an OQ-4430 with 2KB of RAM. In a full duplex system, one crypto-unit is used for reception, whilst the other two are used for fail-safe transmission, raising an alarm if their outputs are different.
  
Close-up of one of the crypto-chips

The OQ-4430 is a proprietary in-house developed chip that contains Philips' own implementation of the highly secret SAVILLE cryptographic algorithm, that had been developed in the late 1960s, jointly by GCHQ in the UK and the NSA in the USA. In fact, Philips was the first company outside the US and the UK to be licensed to implement the SAVILLE algorithm in their own hardware chip.

Although SAVILLE is also used in other crypto phones – such as the Spendex 40 and the STU-II – Spendex 50 is not interoperable with them, as it uses wideband CVSD modulation, whereas the others are based on a narrowband LPC-10 vocoder.

Interior, rear compartment (close-up)
PSU
Line connection (protected against EMP)
Interior (seen from the rear)
Interior (bottom view)
Perspective view of the interior
Line interface compartment
Tamper detection (switch)
Early prototype with all 10 boards fitted
Delta Modulator board
Close-up of the Delta Modulators
Processor board
Bubble memory and interface boards
Crypto-heart extracted from the terminal
Crypto-board
Close-up of one of the crypto-chips
F
×
F
1 / 16
Interior, rear compartment (close-up)
F
2 / 16
PSU
F
3 / 16
Line connection (protected against EMP)
F
4 / 16
Interior (seen from the rear)
F
5 / 16
Interior (bottom view)
F
6 / 16
Perspective view of the interior
F
7 / 16
Line interface compartment
F
8 / 16
Tamper detection (switch)
F
9 / 16
Early prototype with all 10 boards fitted
F
10 / 16
Delta Modulator board
F
11 / 16
Close-up of the Delta Modulators
F
12 / 16
Processor board
F
13 / 16
Bubble memory and interface boards
F
14 / 16
Crypto-heart extracted from the terminal
F
15 / 16
Crypto-board
F
16 / 16
Close-up of one of the crypto-chips

Bubble memory
As Spendex-50 uses symmetric encryption, it has to hold key-pairs for every possible connection in the network. In a network of, say, 2000 subscribers, this would quickly exhaust the available memory. This was partly solved by using a clever exchange-assisted key-distribution scheme, which greatly reduced the memory needed for the key-pair tables, known as Key-Cube Key [5].

The major problem however, was the storage space needed for the keys, as large non-volatile memory systems were not commonly available at the time. This problem was overcome by using a 1Mbit 7110 bubble memory unit that had just become available from Memtech (later: Intel).

Like with contemporary harddiscs, it was virtually impossible to manufacture an error-free bubble memory unit. Usable sectors were thefore listed on the label as a series of hexadecimal numbers, in which an 'F' represents 4 usable sectors. Any bad sectors are masked-out in the software.
  
Bubble-memory (1Mb)

As bubble memories were not very reliable — a good sector might suddenly become a bad one — Philips engineers added some level of redundancy, to make it possible to 'repair' and 'defects' in the field, entirely in software. As the buying price for the Intel 7110 was several thousand Dutch Guilders (NLG) at the time, it added considerably to the overall cost of the unit, which is one of the reasons why the Dutch Department of Defence reduced the ordered quantity to 750 units.

Bubble memory was never really popular. Soon after its introduction, larger flash memory devices became available, which were more reliable and much cheaper. Although this was too late for the Spendex-50, it would have made sense to do a midlife upgrade several years later, and redesign the key storage board with flash memory. This was in fact suggested by Philips engineers, but was declined by the DoD, as they didn't want to go through the approval procedure again [1].

Removing the bubble memory
Bubble memory and interface boards
Bubble memory and interface boards
Bubble-memory board
Close-up of the Intel bubble-memory controller
Bubble-memory (1Mb)
Bubble-memory (1Mb)
Re-seating the bubble memory board
G
×
G
1 / 8
Removing the bubble memory
G
2 / 8
Bubble memory and interface boards
G
3 / 8
Bubble memory and interface boards
G
4 / 8
Bubble-memory board
G
5 / 8
Close-up of the Intel bubble-memory controller
G
6 / 8
Bubble-memory (1Mb)
G
7 / 8
Bubble-memory (1Mb)
G
8 / 8
Re-seating the bubble memory board

ZODIAC
Although a Spendex-50 terminal can be used on its own — two units can be connected directly back-to-back — it was intended for the ZODIAC tactical network of the Dutch armed forces.

After ZODIAC was phased out (2004-2007), a working HSA telephone exchange, complete with all cryptographic equipment and a number of operational Spendex-50 units — DBTs — was installed at the Royal Dutch Signals Museum.

 More about ZODIAC

  

Numbering scheme
When setting up a call via the digital telephone exchange of ZODIAC, the user had to dial the 13-digit number of the other party, which consisted of a 6-digit prefix, and a 7-digit sub­scriber number. The subscriber number was not tied to the geographical location of the subscriber, but to his function in the military hierarchy, in such a way that it could be 'guessed' intuitively. This deterministic method is part of the EUROCOM standard and is fully described in STANAG 1 5046.

ZODIAC subscriber numbering scheme

The 6-digit prefix is also known as the NIAC field, and consists of two 3-digit fields, here shown in red and green respectively. The first part is the Nationality Indicator (NI) of which the first digit is always '9'. The remaining digits (XX) represent the nationality. The second part is the Area Code (AC) of which the first digit (N) is the network number (e.g. army corps) and the remaining digits (YY) represent the nationality of (N). If XX and YY are identical, the subcribers are assumed to be 'local' If they are not identical, NYY is assumed to be a guest on 9XX's network. The definition of the NIAC field is part of the EUROCOM standard and is fully described in draft-STANAG 4214.

  1. STANAG = Standard NATO Agreement.

Similiar equipment
DWBST 55   UA-8328
An adapted version of Spendex 50 was made available for use by other NATO countries. It was known as DWBST 55 and as UA-8238. DWBST stands for Digital Wide-Band Secure Terminal. In appearance it was identical to the regular Spendex 50, and complied with EUROCOM standards.

It was advertised as a stand-alone tactical wide-band secure voice terminal designed for secure communication of speech and data (either digital or analogue), operating at 16 or 32 kbits/s [5].

The terminal enables a subscriber to set up a fully automatic secure end-to-end connection for digital communication with another UA-8328 — or compatible equipment — in the network. The terminal can also be used as an automatic telephone for plain-language communication. For the compression of speech (80-3400 kHz), i6 uses delta modulation (CVSD) at 16/32 kbit/s.
  
Right view

Data can be transferred at 2400 baud (asynchronous). For secure traffic it can hold up to 18 sets of common net keys which can be pre-loaded into any terminal. It can also be used for up to 3400 subscribers in a network, in which case key pairs are stored in its internal bubble memory. According to Jane's Military Communications catalogue of 1986 [5], DWBST 55 was in production in 1986, but it is doubtful wether any Spendex-50 units were ever sold under this name.


KY-68
Approximately 10 years after the conception of the Spendex 50, the US Army and US Navy introduced a similar device, with nearly identical specifications: the KY-68 Digital Subscriber Voice Terminal (DSVT). The device is similar is size, weight, specification and operation.

The image on the right shows a typical KY-68 unit. Like the Philips Spendex 50 it uses CVSD modulation, biphase signaling and 8-bit cyclic permutable codewords (CPC). The main differences are the lack of a display and CIK.

The DSVT was introduced in 1992 and was gradually phased out in 2010, when it was replaced by the (incompatible) Secure Terminal Equipment (STE).

 More information

  
KY-68 Digital Secure Voice Terminal

Connections
Power
The Spendex 50 is powered by a DC voltage between 20 and 32 V – typically 24V – that should be applied to the three-pin socket at the right side. It can briefly withstand a voltage up to 40V and power surges up to 250V. The pinout is as follows (looking into the socket):

  1. (+) 20-32V DC
  2. (-) 0V
  3. not connected
Handset
A standard 5-pin U-229 socket (U-183/U) is present for connection of a (US-standard) handset with speaker, microphone and push-to-talk (PTT) switch. Note that the microphone should be of a dynamic type, as it is used by the Spendex 50 as (ring) buzzer.

  1. GND
  2. SPK
  3. PTT
  4. MIC
  5. not connected
    Click to see more
Specifications
  • Wiring
    WD1/TT (2-wire), Eurocom D/I
  • Signalling
    CPC
  • Speech
    16 kb/s, Delta Modulation 1
  • Encryption
    SAVILLE
  • Frequency
    80 - 3400 Hz (analogue data 300 - 3400 Hz)
  • Keys
    NET (18 sets), KC 2 (3400 subscribers)
  • Fill
    Using key transfer device or via transmission line
  • Power
    20 to 32V DC
Parts
  • TA-5912
    Spendex 50 (DBT) with handset and cover
  • CX-4657
    Power cable (in bag)
  • KY-6388
    Classification Module (CM or CIK)
  • -
    Overlay for DATA mode
  • -
    Overlay for COMSEC mode
  • MX-6390
    Mounting panel
  • MX-6390
    Shock-mounting
  • IK001433/1
    Instruction card DBT general
  • IK001433/2
    Instruction card DBT COMSEC
  1. Also known as Digitally Controlled Delta Modulation (DCDM) or Continuous Variable Slope Deltmodulation (CVSD).
  2. KC = Key Cube.

Nomenclature
The Spendex 50 is known under the following names and designators:

  • Spendex 50
  • DBT
    Digitaal Beveiligd Toestel (Digital Secure Device)
  • DBT
    Digitaal Beveiligd Telefoontoestel (Digitial Secure Phone)
  • UA-8246
    Philips Usfa internal designator
  • TA-5912
    Dutch Army designator
  • DWBST 55
    Digital Wide-Band Secure Terminal (NATO)
  • UA-8238
    NATO-specific variant
  • NSN
    5805-17-055-9132
Glossary
CIK   Crypto Ignition Key
Unique physical key module that is paired with the equipment and contains part of the cryptographic key(s). Also known as Classification Module, CLASMOD or CM.
Clasmod   Classification Module CIK
CM   Classification Module CIK
CVSD   Continuous Variable Slope Deltamodulation
Method for converting analogue sound into a 1-bit data stream, in which each bit has the same weight. It is often chosen over Pulse Coded Modulation (PCM) because of its high resilience to bit errors (up to 10%).  More
ZK   Zeroizse Key
Randomly generated key, held in battery-backed RAM inside the terminal, that is used together with the Crypto Ignition Key (CIK) to encrypt the Traffic Encryption Keys (TEKs) stored in the bubble memory of the Spendex 50.
Documentation
  1. Philips Usfa BV, Spendex 50, Tactical Secure Voice Terminal Type UA 8546/00
    Provisional information. February 1984. 4 pages.

  2. HSA 1 , Technische Handleiding TA5912 - Bediening en 1e echelons onderhoud
    Technical Manual - Operation and User Maintenance (Dutch).
    1TH001433/1. 3522 369 00092. 6 April 2001.

  3. HSA 1 , Technische Handleiding TA5912 - COMSEC bediening
    Technical Manual - COMSEC operation (Dutch).
    1TH001433/1. 3522 369 00092. 6 April 2001.

  4. HSA 1 , Technische Handleiding TA5912 - 3e echelons onderhoud
    Technical Manual - Maintenance Manual (Dutch).
    1TH001433/1. 3522 369 00092. 21 March 2001.

  5. Instructiekaart Digitaal Beveiligd Telefoontoestel
    Dutch Army. Short User Instruction Card (Dutch).
    IK001433/1. 3522 369 00083. 5 April 2001.

  6. Instructiekaart Digitaal Beveiligd Telefoontoestel - COMSEC
    Dutch Army. COMSEC instruction card (Dutch).
    IK001433/2. 4 April 2001.

  7. Detaillijst Digitaal Beveiligd Telefoontoestel TA-5912
    Dutch Army. 1DL 5805-17-055-9132. 3 February 1997.

  8. Technische Handleiding Digitaal Beveiligd Telefoontoestel TA-5912
    Dutch Army. 1TH 001433/1/2. 5805-17-055-9132
  1. HSA = Hollandse Signaal Apparaten. This manual was re-issued to the Dutch Army in 2001 after HSA had taken over Philips Usfa BV. Strickly speaking, the Spendex 50 was handled by Philips Crypto BV at this time and not by HSA, but HSA had the overall responsibility for the Army's ZODIAC communications system.

References
  1. Mathieu Goudsmits, Spendex-50 developer at Philips Usfa
    Interview, Crypto Museum. July 2011.

  2. Fysisch en Elektronisch Laboratorium TNO,
    Definitie rapport taktisch LAN demonstratie (Dutch)

    Unclassified. June 1990, p. 28 - Het DBT interface.

  3. AJW van Daal & P van der Vlist, DELTACS - a versatile tactical communication system
    Philips Telecommunicatie Industrie BV (PTI), Hilversum (Netherlands), 1984.
    Reprint from Philips Telecommunication Review, Vol. 42, No. 2, pages 74-89.

  4. Royal Dutch Signals Museum
    Museum Verbindingsdienst.

  5. Jane's Military Communication 1986
    ISBN: 0-7106-0824-1. p. 446.

  6. CJA Jansen, Classical Key Management
    Proceedings of the Fifth Symposium on Information Theory in the Benelux,
    Aalten, The Netherlands, 24-25 May 1984, pp. 94-101.

  7. US Patent 4607137, Method of distributing and utilizing enciphering keys
    CJA Jansen, AJM vd Pas, P vd Vlist, F Hafkamp. US Philips Corporation.
    Filed 13 April 1984, issued 19 August 1986.

  8. Wikipedia, Bubble memory
    Retrieved May 2012.
Further information
Any links shown in red are currently unavailable. If you like the information on this website, why not make a donation?
Crypto Museum. Created: Saturday 16 July 2011. Last changed: Friday, 11 October 2019 - 17:12 CET.
Click for homepage