BlackDoor OPS
Gigabit Ethernet Encryptor
BlackDoor OPS
Gigabit Ethernet Encryptor
BlackDoor OPS
This standalone platform transparently encrypts Ethernet Voice, Video or Data packets, that are destined for a device located on a remote network or a different local network segment.
- AES 256-bit (GCM)
- Supports QKD (Quantum Key Distribution)
- Fully Automatic key management-1 minute to 42 day rekey interval without interruption
- Hardware Random Number Generator
- Full Duplex real time encryption
- Low latency (< 1ms)
- Four 10/100/1000 Base T, SFP Modules Optional
- ETSI Protocol support
DIMENSIONS
5"(L) x 5.3"(W) x 2.4"(H)
Ethernet Encryption
Encrypt Voice, Video, & Data at Gigabit Speeds
- Supports QKD (Quantum Key Distribution)
- Encrypt Layer 2 / 3 / MPLS Payloads
- Secure Proprietary Information
- Point-to-Point or Multipoint Architecture
- FIPS approved symmetric encryption algorithm used by U.S. Government organizations to protect sensitive information
Engage Black - Products
PARTNERED SOLUTIONS
QUINTESSENCE LABS AND ENGAGE BLACK PARTNERED TSF SERVER SOLUTION
Post Quantum Ethernet Encryption
- Utilizes Quantum-Safe Out-of-Band Key Distribution to deliver Session Keys to the BlackDoor over an encrypted out-of-band connection utilizing ETSI QKD Standard GS QKD 014 protocol.
- The ETSI QKD Standard GS QKD 014 is a communication protocol and data format for a Quantum Key Distribution (QKD) network to supply synchronized IPSec Session keys. An additional layer of Security to the BlackDoor is added by combining the IPSec session key with the Out-of-Band Key.
- A TLS Pre-Shared Key (PSK) connection to the Key Management Server provides Out-of-Band quantum-safe key transport. AES 256-bit PSKs are able to protect the connection against a large-scale quantum computer.
QUINTESSENCE LABS AND ENGAGE BLACK PARTNERED TSF SERVER SOLUTION
Post Quantum Ethernet Encryption
- Utilizes Quantum-Safe Out-of-Band Key Distribution to deliver Session Keys to the BlackDoor over an encrypted out-of-band connection utilizing ETSI QKD Standard GS QKD 014 protocol.
- The ETSI QKD Standard GS QKD 014 is a communication protocol and data format for a Quantum Key Distribution (QKD) network to supply synchronized IPSec Session keys. An additional layer of Security to the BlackDoor is added by combining the IPSec session key with the Out-of-Band Key.
- A TLS Pre-Shared Key (PSK) connection to the Key Management Server provides Out-of-Band quantum-safe key transport. AES 256-bit PSKs are able to protect the connection against a large-scale quantum computer.
Strong protection for today, quantum resilience for tomorrow:
- Replication network protected by long symmetric keys
- Standards-based interfaces and protocols
- Crypto-agile key management to manage new, quantum resilient encryption keys
- VMware KMS Certified
- Integrated HSM (optional)
- Embedded high speed QRNG (optional)
QUANTUM XCHANGE and ENGAGE BLACK Partnered QKD Solution
Quantum Key Distribution (QKD) Option
- QKD is an out-of-band symmetric key delivery method that utilizes quantum properties of a photon over dedicated fiber optic cable to exchange Encryption Keys. QuantumXC’s Phio TX does not require fiber optic cable. Instead, it can deliver out-of-band keys over any TCP/IP connection.
- The BlackDoor OPS or DUO can utilize either QKD or QuantumXC’s Phio TX to deliver Session Keys to the BlackDoor over an out-of-band connection via the support of the ETSI QKD Standard GS QKD 014 protocol. The out-of-band connection applies an additional layer of Security to The BlackDoor by encrypting and decrypting session keys with a second key.
- In a PKI, data will remain encrypted even if the public key is compromised, as the second key remains out-of-band and therefore cannot be compromised.
QUANTUM XCHANGE and ENGAGE BLACK Partnered QKD Solution
Quantum Key Distribution (QKD) Option
- QKD is an out-of-band symmetric key delivery method that utilizes quantum properties of a photon over dedicated fiber optic cable to exchange Encryption Keys. QuantumXC’s Phio TX does not require fiber optic cable. Instead, it can deliver out-of-band keys over any TCP/IP connection.
- The BlackDoor OPS or DUO can utilize either QKD or QuantumXC’s Phio TX to deliver Session Keys to the BlackDoor over an out-of-band connection via the support of the ETSI QKD Standard GS QKD 014 protocol. The out-of-band connection applies an additional layer of Security to The BlackDoor by encrypting and decrypting session keys with a second key.
- In a PKI, data will remain encrypted even if the public key is compromised, as the second key remains out-of-band and therefore cannot be compromised.
Key Management
Automated 256 bit key management configurations ensure timely key transitions and eliminate the operational and maintenance costs of managing an encrypted network with manual key distribution.
SNMP
The BlackDoor OPS Encryptor is manageable with SNMP via standard and private MIBs. Large scale deployments of encryption devices with centralized management have made SNMP support a priority.
BlackDoor OPS Overview
The BlackDoor OPS Encryptor supports Point to Point and Multipoint information assurance |
• Department of Defense • Homeland Security • Telecommunications Providers • Natural Gas & Electric Power Utility Companies | • Oil and Gas Companies • Banking & Financial Services Institutions
|
The BlackDoor OPS Encryptor transparently encrypts Ethernet Voice, Video or Data packets, that are destined for a device located on a remote network or a different local network segment. Data packets are AES encrypted at the Link, Network or Transport Layer and then tunneled, bridged or routed to the destination network. At the destination network the packets are decrypted and the original Ethernet packets are securely delivered to the destination Ethernet device.
BlackDoor OPS Standard Features
OSI Layer Encryption
It is important for an external encryption device to be able to handle encryption at multiple layers of the OSI model. TheBlackDoor OPS Encryptor can interface to all layers with an internal bridge and router and provides secure data encryption at Gigabit throughput levels.
Bridge
Interfaces at Layer 2, non-local packets are encrypted above the MAC layer and then directed to the appropriate destination address by the internal bridge.
Router
Interfaces at Layer 3, packets are encrypted above the Network Layer and then can be dynamically or statically routed to the destination network by the internal router.
Tunnel
Many times network to network security requires an encrypted ‘tunnel’ carrying Ethernet packets over a pre-defined network path. The Black•Door OPS Encryptor permits user creation of a destination table, encrypts the entire incoming packet, and adds the appropriate destination address for correct network transport.
MPLS
The BlackDoor OPSEncryptor can provide "payload only" encryption for MPLS data packets, maintaining the MPLS labels but encrypting the data. It is flexible enough to provide an encrypted ‘tunnel’ for point-to-point MPLS connections or can encrypt at Layer 2 or Layer 3 or both, easy to configure without any down time for network access equipment.
Advanced Encryption Standard
FIPS approved symmetric encryption algorithm that may be used by U.S. Government organizations (and others) to protect sensitive information.