2. Home
  3. Products
  4. Ethernet Encryption
  5. BlackDoor
  6. BlackDoor DUO

BlackDoor DUO
10/100 Ethernet Encryptor

BlackDoor DUO
10/100 Ethernet Encryptor

BlackDoor DUO image
BlackDoor DUO image
BlackDoor DUO

This standalone platform transparently encrypts Ethernet Voice, Video or Data packets, that are destined for a device located on a remote network or a different local network segment.

  • AES 256-bit (GCM)
  • Supports QKD (Quantum Key Distribution)
  • Fully Automatic key management-1 minute to 42 day rekey interval without interruption
  • Hardware Random Number Generator
  • Full Duplex real time encryption
  • Low latency (< 1ms)
  • Two 10/100/1000 Base T, SFP Modules Optional
  • ETSI Protocol support

DIMENSIONS

4" (L) x 6” (W) x 1” (H)

Ethernet Encryption

 

 Encrypt Voice, Video, & Data at Gigabit Speeds

  • Supports QKD (Quantum Key Distribution)

  • Encrypt Layer 2 / 3 / MPLS Payloads

  • Secure Proprietary Information

  • Point-to-Point or Multipoint Architecture

  • FIPS approved symmetric encryption algorithm used by U.S. Government organizations to protect sensitive information

Engage Black - Products

Certificate Authority
Hardware Security Module
Ethernet Encryption
Circuit Encryption

BlackDoor DUO SFP Option

  • Supports ETSI QKD Standard GS QKD 014
  • One 10/100/1000 Base T
  • One SFP Port
    Encrypt Voice, Video, & Data up to
    200 Mbps Speeds
  • Encrypt Layer 2 / 3 / MPLS Payloads
  • Secure Proprietary Information
  • Point-to-Point or Multipoint Architecture
  • FIPS approved symmetric encryption algorithm used by U.S. Government organizations to protect sensitive information

BlackDoor DUO SFP Option

  • Supports ETSI QKD Standard GS QKD 014
  • One 10/100/1000 Base T
  • One SFP Port
    Encrypt Voice, Video, & Data up to
    200 Mbps Speeds
  • Encrypt Layer 2 / 3 / MPLS Payloads
  • Secure Proprietary Information
  • Point-to-Point or Multipoint Architecture
  • FIPS approved symmetric encryption algorithm used by U.S. Government organizations to protect sensitive information
BlackDoor DUO image
BlackDoor DUO image

PARTNERED SOLUTIONS

QUINTESSENCE LABS AND ENGAGE BLACK PARTNERED TSF SERVER SOLUTION

Post Quantum Ethernet Encryption

  • Utilizes Quantum-Safe Out-of-Band Key Distribution to deliver Session Keys to the BlackDoor over an encrypted out-of-band connection utilizing ETSI QKD Standard GS QKD 014 protocol.

  • The ETSI QKD Standard GS QKD 014 is a communication protocol and data format for a Quantum Key Distribution (QKD) network to supply synchronized IPSec Session keys. An additional layer of Security to the BlackDoor is added by combining the IPSec session key with the Out-of-Band Key.

  • TLS Pre-Shared Key (PSK) connection to the Key Management Server provides Out-of-Band quantum-safe key transport. AES 256-bit PSKs are able to protect the connection against a large-scale quantum computer.

QUINTESSENCE LABS AND ENGAGE BLACK PARTNERED TSF SERVER SOLUTION

Post Quantum Ethernet Encryption

  • Utilizes Quantum-Safe Out-of-Band Key Distribution to deliver Session Keys to the BlackDoor over an encrypted out-of-band connection utilizing ETSI QKD Standard GS QKD 014 protocol.
  • The ETSI QKD Standard GS QKD 014 is a communication protocol and data format for a Quantum Key Distribution (QKD) network to supply synchronized IPSec Session keys. An additional layer of Security to the BlackDoor is added by combining the IPSec session key with the Out-of-Band Key.

  • TLS Pre-Shared Key (PSK) connection to the Key Management Server provides Out-of-Band quantum-safe key transport. AES 256-bit PSKs are able to protect the connection against a large-scale quantum computer.

Strong protection for today, quantum resilience for tomorrow:

  • Replication network protected by long symmetric keys​
  • Standards-based interfaces and protocols​
  • Crypto-agile key management to manage new, quantum resilient encryption keys​
  • VMware KMS Certified​
  • Integrated HSM (optional)​
  • Embedded high speed QRNG (optional)
TSF Key & Policy Manager Diagram
Q Labs & BlackDoor Diagram

QUANTUM XCHANGE and ENGAGE BLACK Partnered QKD Solution

Quantum Key Distribution (QKD) Option

  • QKD is an out-of-band symmetric key delivery method that utilizes quantum properties of a photon over dedicated fiber optic cable to exchange Encryption Keys. QuantumXC’s Phio TX does not require fiber optic cable. Instead, it can deliver out-of-band keys over any TCP/IP connection.

  • The BlackDoor OPS or DUO can utilize either QKD or QuantumXC’s Phio TX to deliver Session Keys to the BlackDoor over an out-of-band connection via the support  of the ETSI QKD Standard GS QKD 014 protocol. The out-of-band connection applies an additional layer of Security to The BlackDoor by encrypting and decrypting session keys with a second key.

  • In a PKI, data will remain encrypted even if the public key is compromised, as the second key remains out-of-band and therefore cannot be compromised. 

QUANTUM XCHANGE and ENGAGE BLACK Partnered QKD Solution

Quantum Key Distribution (QKD) Option

  • QKD is an out-of-band symmetric key delivery method that utilizes quantum properties of a photon over dedicated fiber optic cable to exchange Encryption Keys. QuantumXC’s Phio TX does not require fiber optic cable. Instead, it can deliver out-of-band keys over any TCP/IP connection.

  • The BlackDoor OPS or DUO can utilize either QKD or QuantumXC’s Phio TX to deliver Session Keys to the BlackDoor over an out-of-band connection via the support  of the ETSI QKD Standard GS QKD 014 protocol. The out-of-band connection applies an additional layer of Security to The BlackDoor by encrypting and decrypting session keys with a second key.

  • In a PKI, data will remain encrypted even if the public key is compromised, as the second key remains out-of-band and therefore cannot be compromised. 
BlackDoor OPS QKD Diagram
BlackDoor OPS QKD Diagram

Key Management

Automated 256 bit key management configurations ensure timely key transitions and eliminate the operational and maintenance costs of managing an encrypted network with manual key distribution.

SNMP

The BlackDoor DUO Encryptor is manageable with SNMP via standard and private MIBs. Large scale deployments of encryption devices with centralized management have made SNMP support a priority.

BlackDoor OPS Low Poly White Key
BlackVault Certificate Authority (CA) Black and Grey Network Diagram

BlackDoor DUO Overview

The BlackDoor DUO Encryptor supports Point to Point and Multipoint information assurance
configurations with unique dynamic keys while supporting QKD (Quantum Key Distribution). The BlackDoor DUO Encryptor is designed for gigabit wireline or wireless backbone configurations. The BlackDoor meets stringent security requirements while reducing overall network complexity in applications including:

• Department of Defense
• Homeland Security
• Telecommunications Providers
• Natural Gas & Electric Power Utility Companies 		    • Oil and Gas Companies

• Banking & Financial Services Institutions
• Transportation Agencies
• Public Safety Networks

The BlackDoor DUO Encryptor transparently encrypts Ethernet Voice, Video or Data packets, that are destined for a device located on a remote network or a different local network segment. Data packets are AES encrypted at the Link, Network or Transport Layer and then tunneled, bridged or routed to the destination network. At the destination network the packets are decrypted and the original Ethernet packets are securely delivered to the destination Ethernet device.

BlackDoor DUO Standard Features

OSI Layer Encryption
It is important for an external encryption device to be able to handle encryption at multiple layers of the OSI model. The BlackDoor DUO Encryptor can interface to all layers with an internal bridge and router and provides secure data encryption at Gigabit throughput levels.

Bridge
Interfaces at Layer 2, non-local packets are encrypted above the MAC layer and then directed to the appropriate destination address by the internal bridge.


Router
Interfaces at Layer 3, packets are encrypted above the Network Layer and then can be dynamically or statically routed to the destination network by the internal router.


Tunnel
Many times network to network security requires an encrypted ‘tunnel’ carrying Ethernet packets over a pre-defined network path. The BlackDoor DUO Encryptor permits user creation of a destination table, encrypts the entire incoming packet, and adds the appropriate destination address for correct network transport.

MPLS
The BlackDoor DUOEncryptor can provide "payload only" encryption for MPLS data packets, maintaining the MPLS labels but encrypting the data. It is flexible enough to provide an encrypted ‘tunnel’ for point-to-point MPLS connections or can encrypt at Layer 2 or Layer 3 or both, easy to configure without any down time for network access equipment.

SECURITY & ENCRYPTION

Tamper resistance & anti probing barriers AES-GCM mode for integrity AES 128 or 256 bit keys IDQ Quantum Random Generator Support for Quantum Key Distribution Automatic seamless key management Policy based on MAC address or VLAN ID Encryption modes Certification

Advanced Encryption Standard
FIPS approved symmetric encryption algorithm that may be used by U.S. Government organizations (and others) to protect sensitive information.