The Blacker front end (BFE) is a classified encryption device used by hosts that want to communicate across unsecured wide area networks. BFE devices are typically found in government networks (for example, DSNET), which handle sensitive data requiring a greater degree of security. Blacker front end support allows the router to connect to BFE devices. The BFE device, in turn, provides the router with encryption services while acting as the data communications equipment (DCE) end of the connection between the router and the X.25 network. Hosts using attached BFE devices can communicate with each other over an unsecured packet-switched network using data paths secured by the encryption services of the BFEs. These hosts are part of a Red virtual network. The packet-switched network that carries both the data secured by BFEs and any other unsecured data is known as the Black network.
BFE devices receive authorization and address translation services from an Access Control Center residing on the Black network. The ACC makes access control decisions that determine which hosts are allowed to communicate with each other. A Key Distribution Center (KDC) residing on the Black network provides encryption keys and key management services. A BFE device uses these encryption keys for encrypting traffic between itself and other BFE devices.