BLACKBOX, Version 2.0

BLACKBOX is Designed and Created by Benjamin Harut


1. General information
2. How to begin?
3. What is BLACKBOX?
4. BLACKBOX protection fundamentals
5. Further security advices
6. Copyright
7. Contact addresses

8. Installing the program
9. How to install BLACKBOX?
10. How to uninstall BLACKBOX?

11. Main functions
12. Using the main BLACKBOX window
13. Using the 'Settings' window
14. Converting a media to BLACKBOX
15. Creating a new BLACKBOX drive

16. Processing a BLACKBOX
17. Opening a BLACKBOX
18. Closing the open BLACKBOXes

Using the main BLACKBOX window
If you are new to BLACKBOX, we recommend that you read the 'How to begin?' help topic for general advice on how to proceed.

Drives
The drives list shows all floppy drives, hard drives and BLACKBOX drives available on the current computer. To the left of each drive is a symbol describing the current type and the current state of the drive. At the end of the drives list is an item named 'New', which you may use to create a new BLACKBOX drive. Move the scroll bar to select the drive you wish to open or process, then select a button in the same window to perform the desired operation. In the drives list you may press the 'Enter' key or click the left mouse button to open a BLACKBOX. You may hide hard drives from the drives list by selecting that option in the 'Settings' window.

Open
Select the 'Open' button to open the currently selected BLACKBOX. This operation affects only BLACKBOXes and has no effect on regular media. Instead of the 'Open' button you may press the 'Enter' key or click the left mouse button in the drives list. See the 'Opening a BLACKBOX' help topic for more information on how to open a BLACKBOX.

Close all
Select the 'Close all' button to close all open BLACKBOXes. System wide, you may press the 'Right Ctrl+Left Ctrl' key combination to the same effect. That key combination is the default and may be changed in the 'Settings' window. See the 'Closing the open BLACKBOXes' help topic for more information on how to close the open BLACKBOXes.

Process
Select the 'Process' button to process the currently selected drive. If the selected drive is not a BLACKBOX, the program will offer to convert it to a BLACKBOX if that is possible; for more information see the 'Converting a media to BLACKBOX' help topic. If the selected drive is a BLACKBOX, the program will offer to change its password, to re-encrypt it, or to unpossess it; for more information see 'Processing a BLACKBOX'. If the 'New' item of the drives list is currently selected, the program will offer to create a new BLACKBOX drive; for more information see the 'Creating a new BLACKBOX drive' help topic.

General information
System wide, you may press the 'Left Ctrl+Right Ctrl' key combination to open or close the main BLACKBOX window. That key combination is the default and may be changed in the 'Settings' window.

What is BLACKBOX?
Today, with the development of computer science and its deep penetration into daily life, people almost everywhere in the world entrust confidential information of all levels to computers. Almost every PC user and institution keeps personal and professional information on a computer, including letters, invoices, agreements, addresses, various bookkeeping materials, databases, scientific and authored works, various kinds of government secrets, and a wide spectrum of other important data. It is also well known how easily and quickly, without leaving any trace, that information can be stolen and become the property of undesirables.

Some people try to solve that problem by keeping important data in locked safes outside the computer. But this raises additional problems: it requires continual copying and clean wiping of the data files, and even that does not always succeed with large and complicated data, databases, or frequently used files.
The security system BLACKBOX was developed with the importance of solving this problem in mind. It can protect any computer data, providing practically the highest security and performance without creating additional difficulties for the user.

BLACKBOX works as follows. It converts any regular diskette or any regular hard drive into a BLACKBOX medium (hereafter simply a BLACKBOX), which is physically encrypted, including its system components. Once the BLACKBOX is created, it can be accessed only with the valid access password available to its legitimate user. After the valid access password is entered the BLACKBOX becomes open, but it remains physically encrypted on the disk as before. When data is read from or written to an open BLACKBOX, it is decrypted and encrypted on the fly without affecting other processes, no matter what data it is. As a result, the data is available to the user and to other applications in decrypted form, like the original, while it remains physically encrypted on the disk. Whenever the user closes a BLACKBOX, or just turns off the computer, or even if the system halts unexpectedly, all data on the BLACKBOX remains securely encrypted, and the access password is required again to access the BLACKBOX. So, to protect data, all that is necessary is to move the data files onto a BLACKBOX or create them on it. Afterwards the files may be used as before without any difference, but they always remain physically encrypted as long as they are on the BLACKBOX.

BLACKBOX also lets you create any desired number of new mounted BLACKBOX drives of up to 4GB each, which may be physically located on any regular physical hard drive. In such cases BLACKBOX allocates disk space for the new BLACKBOX drives in the best possible way, taking into account the defragmentation state of the parent hard drive, and so reaches the best performance for both drives.
Floppy diskettes are handled in a very practical way. You may insert a regular diskette into a floppy drive and work with it as before; all data encryption and decryption on the drive is then automatically stopped. When you insert a BLACKBOX diskette, data encryption and decryption begin automatically, and if the access password was not entered previously, it is requested. When you insert another BLACKBOX diskette, data encryption and decryption are automatically established for the new one. That is, the user sees no difference between a regular diskette and an open BLACKBOX diskette.

The encryption technology provided by BLACKBOX assigns to every BLACKBOX medium a unique key with more than 10^38 (100.000.000.000.000.000.000.000.000.000.000.000.000) combinations and excludes the possibility of a back-way attack, which makes hacking a BLACKBOX without the valid access password practically impossible. The on-line data encryption and decryption provided by BLACKBOX has practically reached the maximum possible performance for such high security, and practically does not reduce the disk data transfer rate on regular modern computers. It is also important to note that BLACKBOX is economical in its system memory allocation, which matters given the limited DOS memory: BLACKBOX allocates only about 11kb of it, which is less than a regular mouse driver allocates.

BLACKBOX, as you will see, is very easy to use even for novice users and can be learned in a short time. It has an intuitive, easy-to-use interface with descriptive error messages, on-line advice, automatic self-installation at work time, and none of the needless formalities that complicate our lives. In this way BLACKBOX, besides providing high confidentiality in computer work, also provides a high culture in daily business.
To meet the requirements mentioned above, BLACKBOX is written entirely in Assembler programming language, using the most modern software and data encryption technologies.

For details on data encryption/decryption and further protection, see the 'BLACKBOX protection fundamentals' topic. On how to begin with BLACKBOX, see the 'How to begin?' topic.
If you have suggestions or interesting proposals, you are welcome at any time; please contact us using the contact addresses.

BLACKBOX protection fundamentals

Here we briefly introduce the main protection fundamentals and the main functional principles of BLACKBOX protection.
When converting a medium to BLACKBOX, the program generates a random, independent 16-byte key that is unique to each medium (256 combinations per byte, 256^16 combinations in total; hereafter we call it the encryption key), and uses that key to encrypt the whole medium byte by byte, including its system sectors. After such an encryption is performed, the only simple way to decrypt that medium and its data is to use exactly the same encryption key.

The program modifies the BOOT sector of the medium and adds a BLACKBOX information block (BIB) to it, where it stores the important information required to make the BLACKBOX medium function. Using the user-defined access password in the role of encryption key, the program encrypts the 16-byte encryption key with the same encryption technique and stores it in encrypted form in the BIB. To be able to verify the access password later, the program encrypts a pre-defined 8-byte check value in the same way, using the original encryption key, and stores it in the BIB as well. The access password itself is never stored on the BLACKBOX or anywhere else, in any form other than described above.

So, to decrypt BLACKBOX data the unique encryption key is required, and to decrypt the encryption key the unique user-defined access password is necessary.
When a BLACKBOX is opened, the steps run in reverse order. The program tries to decrypt the encrypted encryption key using the user's access password; then, using the decrypted encryption key, it tries to decrypt the 8-byte check value. If that value matches the known pre-defined value, the access password and the encryption key are considered valid. Otherwise the password is invalid, the decrypted encryption key is automatically invalid as well, and the BLACKBOX cannot be decrypted using that non-matching encryption key.

To encrypt data, the program uses a pseudo-random hierarchical data encryption technology, which excludes plain encryption and a back way to the encryption key. To encrypt each byte of data, the program generates a pseudo-random value from the encryption key and combines that value with the original data byte. It then mixes the encryption key multiple times and repeats the same action on the next byte, and so on for all data bytes.
To generate a pseudo-random value for the data encryption, the program performs the following main steps each time. First, the 16-byte encryption key is mixed within itself multiple times using a special mixing algorithm. Then the encryption key is logically divided into four groups of four bytes each. From the paired left and right groups, two four-byte values are generated, which are also mixed within themselves multiple times. The two generated values then produce a new four-byte value, which is also mixed within itself. That final four-byte value is combined with the original four data bytes. The process then repeats for the next data bytes, using the encryption key in its newly mixed state.

The following illustration demonstrates the described basic steps:

The encryption technique described above is applied to each data byte of any BLACKBOX, so each time data is read from or written to an open BLACKBOX, all of those encryption/decryption steps are performed for each data byte in the background. The same encryption technique is also used to encrypt the 16-byte encryption key and the 8-byte check value.
To reach practically the highest possible performance, the program automatically uses low-level 32-bit processor commands if an 80386 or higher central processor is present; otherwise, to support older computers based on 80286-compatible processors, it automatically switches to an alternate algorithm which is about five times slower.

When the access password of a BLACKBOX is changed, the program re-encrypts the 16-byte encryption key using the new access password, and the encryption key itself remains the same. This allows a quick and safe access password change without re-encrypting all the data on the BLACKBOX, and so allows frequent password changes with practically no risk of data loss.
When a BLACKBOX is re-encrypted, the program truly re-encrypts all the data on the BLACKBOX, including its system sectors, and assigns it a totally new encryption key and the new access password.
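
The BIB key hierarchy described above (creating, opening in reverse order, changing the password, re-encrypting), as an added Python example that is not code from BLACKBOX. The cipher is a stand-in (a SHA-256 counter keystream), and the check value, the hashing of the password and all function names are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed 8-byte check value; the real pre-defined value is not given on the page.
CHECK_VALUE = b"BBOXCHK1"

def crypt(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream, XOR). Not BLACKBOX's algorithm.
    The same call encrypts and decrypts; `label` keeps the keystreams separate."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + label + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def password_key(password: str) -> bytes:
    # Assumption: the password is hashed down to 16 bytes before use as a key.
    return hashlib.sha256(password.encode("utf-8")).digest()[:16]

def create_bib(password: str, media_key: Optional[bytes] = None) -> dict:
    """Build the BIB fields: the wrapped 16-byte key and the encrypted check value."""
    media_key = media_key or os.urandom(16)
    return {
        "wrapped_key": crypt(password_key(password), b"wrap", media_key),
        "check": crypt(media_key, b"check", CHECK_VALUE),
    }

def open_bib(bib: dict, password: str) -> Optional[bytes]:
    """Reverse order: unwrap the key, then test it against the check value."""
    candidate = crypt(password_key(password), b"wrap", bib["wrapped_key"])
    if hmac.compare_digest(crypt(candidate, b"check", bib["check"]), CHECK_VALUE):
        return candidate
    return None  # a wrong password yields a wrong key, which fails the check

def change_password(bib: dict, old: str, new: str) -> dict:
    """Re-wrap the same media key; no data on the media is touched."""
    media_key = open_bib(bib, old)
    if media_key is None:
        raise ValueError("invalid access password")
    return create_bib(new, media_key)

def reencrypt(bib: dict, old: str, new: str, data: bytes):
    """New media key and new password; every data byte is rewritten."""
    old_key = open_bib(bib, old)
    if old_key is None:
        raise ValueError("invalid access password")
    new_bib = create_bib(new)
    new_key = open_bib(new_bib, new)
    return new_bib, crypt(new_key, b"data", crypt(old_key, b"data", data))
```

After `change_password` the key returned by `open_bib` is the same as before and only the wrapped copy in the BIB differs; `reencrypt` is the only operation that replaces the key itself.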

It is also important to note that when BLACKBOXes are closed, the program wipes all possible encryption keys, all possible passwords and the related buffers from the computer memory, providing high confidentiality for BLACKBOXes.
If you have further questions on BLACKBOX protection and security details, contact us using the contact addresses.

Further security advices
This topic describes some further security advice and precautionary measures which you must take into account to ensure the highest confidentiality of your data.
Some applications, word processors for instance, create backup files with the old file contents when they save a file. If such backup files are created on a drive other than the BLACKBOX drive, which normally never happens, a hacker may be able to find the decrypted backup files. It is therefore necessary to configure such applications to create their backup files on a BLACKBOX drive. Normally applications always create backup files directly in the directory where the original file is located, so if the original file is on a BLACKBOX, the backup file is automatically created on the same BLACKBOX.

When moving a file onto a BLACKBOX, it is important to know that when a file is deleted or moved, its original data physically remains on the source drive and only its name is removed. That data is physically wiped only when another file overwrites it, which may happen much later and give a hacker a chance to restore the data. To avoid this, instead of moving a file onto the BLACKBOX drive, first perform a regular copy, then physically wipe the source file using a suitable utility. Use the same utility in the same way when deleting important data. Of course, you do not need to do this if you move a file from a BLACKBOX to a BLACKBOX, or if you delete a file on a BLACKBOX.

Some applications create temporary files at run time and store in them temporary data required for their proper execution, and that data may sometimes contain parts of the data they are processing at the time. It is therefore important to configure such applications to create their temporary files on a BLACKBOX drive. Normally all such applications use the system-wide temporary files directory, which is set in 'AUTOEXEC.BAT' by the 'SET TEMP=' or the 'SET TMP=' commands, for instance 'SET TMP=C:\WINDOWS\TEMP'. If you modify or add those commands so that they point to a BLACKBOX drive, all applications will automatically use the specified directory for their temporary data. Some rare applications may ignore the system-wide settings and use other directories; in such cases you will need to configure those applications to create temporary files on a BLACKBOX drive.
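
One way to check the TEMP/TMP advice above against an AUTOEXEC.BAT file, as an added Python example that is not part of BLACKBOX. The function names, the sample files and the drive letter E: for the BLACKBOX drive are assumptions.

```python
import re

# Matches "SET TEMP=..." / "SET TMP=...", optionally prefixed with "@"; REM lines do not match.
SET_LINE = re.compile(r"^\s*@?SET\s+(TEMP|TMP)=(.*)$", re.IGNORECASE)

def temp_settings(autoexec_text):
    """Return the effective TEMP/TMP values; a later SET line overrides an earlier one."""
    found = {}
    for line in autoexec_text.splitlines():
        m = SET_LINE.match(line)
        if m:
            found[m.group(1).upper()] = m.group(2).strip()
    return found

def audit_temp(autoexec_text, blackbox_drives):
    """Return findings for TEMP/TMP values that are unset or not on a BLACKBOX drive."""
    protected = {d.upper().rstrip(":") for d in blackbox_drives}
    settings = temp_settings(autoexec_text)
    findings = []
    for name in ("TEMP", "TMP"):
        value = settings.get(name, "")
        if not value:
            findings.append(f"{name} is not set")
        elif not re.match(r"[A-Za-z]:", value):
            findings.append(f"{name}={value} has no drive letter")
        elif value[0].upper() not in protected:
            findings.append(f"{name}={value} is not on a BLACKBOX drive")
    return findings

# Constructed sample files; E: is assumed to be the BLACKBOX drive.
BEFORE = r"""@ECHO OFF
REM SET TEMP=E:\TEMP
SET TEMP=C:\WINDOWS\TEMP
set tmp=C:\WINDOWS\TEMP
"""
AFTER = r"""@ECHO OFF
SET TEMP=C:\WINDOWS\TEMP
SET TEMP=E:\TEMP
SET TMP=E:\TEMP
"""
```

Applications that ignore the system-wide setting are not covered by this check and still have to be configured individually.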

If you use a BLACKBOX drive or BLACKBOX diskettes created and delivered by another person, for instance if you buy a computer with BLACKBOX already installed on it, then for security purposes it is not enough to change the access password you were given; instead, use the re-encrypt operation the very first time.
If you decide to back up a BLACKBOX drive, remember to use BLACKBOX diskettes instead of regular ones.

BLACKBOX, Version 2.0
BLACKBOX is Designed and Created by Benjamin Harutunian New Generation Systems International
BLACKBOX Copyright© 1996 by New Generation Systems International
Germany 1996 All Rights Reserved

Contact addresses
For general questions, technical support and service, contact your local dealer or distributor, or use the address mentioned below. If you are already using BLACKBOX, do not forget to have its serial number ready beforehand.
If you have found a bug related to BLACKBOX, you may send us a fax or a letter with a detailed bug report, preferably with a copy of your actual system files. Mark it clearly with the notice 'BLACKBOX bug report' on the first page or directly on the envelope. We will try to answer your question as soon as possible.

And generally, if you have suggestions or interesting proposals, you are welcome at any time.

New Generation Systems Int.

In Germany:
DC Consulting und Marketing GmbH
Aachener Str. 197-199
D-50931 Koln
Phone: +49 (221) 40 99 11
Fax: +49 (221) 40 99 33