// DotShield™ BlackGlass FII — Fraud-Intent Inspector

Makesensitive flowhit a wall.

BlackGlass FII inserts an active inspection, vaulting and blocking layer between high-risk workflows and exposed data paths. Grounded in Asymmetric Custody: the capability to seal data is functionally separated from the capability to unseal it. Your data is decryptable by the data owner — not by the cloud provider, supplier, third party, adviser or advisory platform. BlackGlass FII is an owner-controlled custody and fraud-intent inspection architecture for high-risk data workflows. It helps organisations evaluate who can seal data, who can unseal it, which controls are evidenced, and whether long-retention records are ready for post-quantum custody expectations. Evaluated across eight dimensions: custody degree, coercion resistance, forward secrecy, quantum resistance, network isolation, key ceremony assurance, data classification tier, and regulatory alignment. Mapped to PSPF, ISM, PCI-DSS v4.0.1, APRA CPS 234, EO 13526, and GSCP. BlackGlass Theory — doi:10.5281/zenodo.20388612

Explore industry pressure points → Request evaluation
// Asymmetric custody flow Seal → Inspect → Gate → Owner Unlock
LIVE SIMULATION
Inbound requestform · API · adviser
AI inspectorintent · context
BlackGlass vaultowner decryptable
PQC + coercionhybrid KEM · biometric
provider
decrypt
blocked
Blocking effectstop · mask · hold
Owner unlockconsent · release
Cloud / supplierencrypted view only
0Sealed custody degrees
0Evaluation dimensions
0Framework alignments

We didn’t reinvent encryption

// BlackGlass FII — Industry pressure points

The custody gap looks different.
The architecture is the same.

Select your sector. Each view is calibrated for three entry points: risk and threat (CISO), architecture and implementation (Technical), and governance and regulatory accountability (Director). Seeing all three is intentional — it equips each reader to make the internal case to the other two.

CISO — Risk and custody architecture Technical — Engineering and implementation Director — Governance and regulatory

See your framework mapped at control level in the compliance block below, or request a BlackGlass FII Custody & Quantum-Readiness Evaluation.

Request evaluation →
// BlackGlass Theory — What we evaluate

Eight dimensions.
One sealed custody architecture.

BlackGlass Theory v1.2 (2026)
doi:10.5281/zenodo.20388612
© 2026 GABEY Consulting Pty Ltd
// BlackGlass FII — Dimensions in action

Where each dimension fires.

Select a threat scenario to see which evaluation dimensions are activated, what happens without FII in place, and how the Fraud-Intent Inspector responds.

Active dimension
Not triggered
// BlackGlass FII — The structural gap

Encryption strength is not the problem.
Custody structure is.

Conventional encrypted storage preserves a single structural weakness: the system that holds your encrypted data also holds, or can access, the capability to decrypt it. Increasing key length does not resolve this. Changing the encryption algorithm does not resolve this. Only separating the sealing capability from the unsealing capability resolves it. That is what Asymmetric Custody does. Select a custody event below to see the difference.

△ Obligations addressedAPRA CPS 234PSPF INFOSEC-8PCI-DSS v4.0.1Privacy Act 1988 (AU)ISM Control 0457
// BlackGlass FII — Custody degree calibration

Which degree does
your environment require?

Five custody degrees. D1 and D2 represent the status quo — the architecture Block 3 tested to destruction. D3 through D5 are the BlackGlass FII deployment range. Select the degree that reflects your environment and see what it requires architecturally, which obligations it satisfies, and the characteristic signals that place you there.

FII deployment rangeD3 → D5
// BlackGlass FII — Control-level compliance mapping

Your framework.
Your specific controls.
Your audit evidence.

Every claim below is made at control level, not framework level. The mechanism is named. The evidence BlackGlass FII produces for each control is named. Your auditor, regulator, or board is the intended reader of this section. Select your framework above. Your location has been used to pre-select the most relevant one.

LOCATION DETECTED
Detecting… FRAMEWORK PRE-SELECTED
// Quantum industrial signalMay 2026

Quantum is no longer a distant research risk.
It is becoming an industrial custody deadline.

In May 2026, the US Department of Commerce backed nine quantum computing firms through a US$2 billion equity investment programme. One of them is Australia's Diraq, whose silicon-CMOS approach targets millions of qubits by 2031 and tens of millions by 2033. GlobalFoundries is named as the manufacturing partner for CMOS-based scaling, meaning the production pathway uses existing semiconductor infrastructure — not bespoke quantum facilities. That matters for BlackGlass FII because long-retention records sealed today may still need protection when quantum-scale capability matures. The architectural response is not to panic. It is to stop treating classical key management as the final custody boundary.

Custody implication Long-retention custody records sealed today under classical-only key management are now inside the planning horizon of industrial quantum capability.
Signal
Custody implication
BlackGlass FII response
Evidence produced
US$2B quantum investment across nine firmsUS Dept of Commerce — May 2026
Quantum capability is moving from a research programme to an industrially funded, government-backed delivery schedule. Classical-only KMS is no longer adequate for long-retention custody planning.
PQC-ready custody architecture. Hybrid KEM pairs a classical algorithm with ML-KEM (CRYSTALS-Kyber / FIPS 203). Both outputs required to derive the unsealing key. Crypto-agile design allows algorithm substitution without re-sealing the custody archive.
Quantum-readiness assessmentAudit-ready
Diraq targets millions of qubits by 2031Diraq published target — CMOS scaling
Records sealed today with a retention horizon extending to 2031 or beyond are within the planning window of industrial quantum capability. Harvest-now/decrypt-later is not a theoretical attack vector. It is an operational custody risk.
Hybrid KEM design path at D3 through D5. Per-session ephemeral key derivation limits the blast radius of any future key exposure to a single session, not the full custody archive.
Key-management evaluation record; retention horizon analysisAudit-ready
CMOS-based manufacturing pathway confirmedGlobalFoundries partnership — May 2026
Quantum scaling no longer depends on bespoke cryogenic infrastructure. Existing semiconductor manufacturing lines are the production pathway. This accelerates the timeline from research proof to industrial output.
Crypto-agile vault architecture. Algorithm selection is documented and substitutable. When NIST issues further PQC standards, the custody architecture absorbs the update without requiring a full custody archive migration.
PQC migration evidence; algorithm selection documentationAudit-ready
Australian quantum capability is central to the signalDiraq — only non-US firm in the programme
The quantum capability maturing inside this investment programme is partially domestically produced. The risk is not abstract for Australian organisations or their regulators. PSPF and ISM forward-secrecy guidance reflects this directly.
Sovereign custody framing. BlackGlass FII maps to PSPF, ISM, and ASD guidance on cryptographic fundamentals (ISM Control 0457). The quantum-resistance dimension is not an optional add-on. It is a named evaluation axis.
Board and regulator briefing artefact; PSPF / ISM alignment recordAudit-ready
△ NIST PQC standard NIST has finalised ML-KEM / FIPS 203 as the post-quantum key encapsulation standard and states these standards can and should be put into use now. BlackGlass FII implements hybrid KEM pairing ML-KEM with a classical algorithm. Both outputs are required to unseal any custody record.
Position BlackGlass FII does not claim that quantum computers break today's encrypted records tomorrow. It claims that long-retention custody architecture must be designed before the quantum deadline arrives — and that NIST, the US Department of Commerce, and Australia's own quantum capability confirm that deadline is now a funded industrial schedule, not a research projection.
Signal source: ACS Information Age, May 2026 PQC standard: NIST FIPS 203 — ML-KEM Methodology: BlackGlass Theory — doi:10.5281/zenodo.20388612
// BlackGlass FII — Technical Brief

Take the architecture
with you.

The BlackGlass FII Technical Brief is a 6 to 10 page evaluation document covering the custody problem, the FII architecture, the five-degree custody model, the eight evaluation dimensions, the evidence artefacts the evaluation produces, and the quantum-readiness rationale grounded in current NIST and industrial signals. It is the document your CISO, architect, or risk committee can read before committing to an evaluation.

What the brief covers
  • The custody problem and why KMS alone is structurally insufficient
  • Asymmetric Custody and the FII four-layer architecture
  • Five-degree custody model: D1 through D5 with deployment context
  • Eight evaluation dimensions and what each one produces as output
  • Five named audit-ready evidence artefacts
  • Sample APRA CPS 234 control mapping at paragraph level
  • Quantum-readiness rationale with NIST FIPS 203 (ML-KEM) reference
  • Evaluation offer and three pilot categories
📄
BlackGlass FII Technical BriefPDF · 6 to 10 pages · © 2026 GABEY Consulting Pty Ltd
Register to download →
10-minute timed token — the download link expires automatically after issue
Single-use only — the link cannot be reused, forwarded, or accessed without the original token
Encrypted registration — submitted information is encrypted; decryption capability is not held by the delivery platform
◈ Live demonstration

The registration mechanism for this document is itself a scaled-down implementation of BlackGlass FII. Your submitted information is encrypted at rest. Decryption capability is not held by the delivery platform. The download link is a timed, single-use token that expires and cannot be reused or forwarded. You experience the custody architecture before you read about it.

🔒Data use

Information submitted is used solely to deliver this document and for GABEY Consulting to follow up if you explicitly request it. It is not sold, shared, or provided to any third party under any circumstances.

Encryption

Submitted registration information is encrypted at rest. Decryption capability is not held by the delivery platform. The custody architecture applied to your registration data is the same principle BlackGlass FII applies to client data workflows.

Download mechanism

The download link is a timed, single-use token valid for 10 minutes. It cannot be reused, forwarded, or accessed without the original token. Accessing the endpoint without a valid token produces no readable output.

Data disposal

Registration data is retained only for the period necessary to deliver the document and manage any follow-up you explicitly request. No marketing lists. No profiling. No third-party transfer.

Privacy notice: Personal information collected through this registration is handled in accordance with the Privacy Act 1988 (AU) and Australian Privacy Principle 11. GABEY Consulting Pty Ltd (ACN 121 511 055) is the data controller for all registration submissions. Information is not transferred outside Australia except where required to deliver the requested document. Submitted information is encrypted at rest; decryption capability is not held by any third-party platform or delivery service. The document download mechanism is a timed, single-use token implementation. Accessing the download endpoint without a valid token produces no readable content.

Copyright notice: The BlackGlass FII Technical Brief is protected by copyright. © 2026 GABEY Consulting Pty Ltd (ACN 121 511 055). All rights reserved. Published under the NOMATEQ brand. DotShield™ is a registered trade mark of GABEY Consulting Pty Ltd (TM 2602060). The brief is provided for evaluation and information purposes only and must not be copied, redistributed, republished, or modified except with written permission or where permitted by law.

// BlackGlass FII — Evaluation

Turn the architecture
into evidence.

Request a BlackGlass FII Custody & Quantum-Readiness Evaluation and receive the artefacts your board, auditor, regulator, and architecture team can actually review. Evaluated across eight dimensions. Mapped to your framework at control level.

◆ Five evaluation deliverables  ·  Eight custody dimensions  ·  Control-level evidence
Environment scoping
Custody candidates identified

Custody degree candidates are identified, regulated data classes are reviewed, and the relevant framework obligations are confirmed against your operating environment.

Evaluation
Dimensions assessed, mappings completed

BlackGlass FII is assessed across the eight custody dimensions. Control-level mappings are completed for your primary framework. The Key Ceremony Assurance Score (CAS) is produced.

Evidence delivery
Artefacts delivered, briefings prepared

Named artefacts are delivered. Board summary is prepared. Regulator and auditor briefing material is made ready. Quantum-readiness assessment is included for all engagements.

△ What you receiveFive named artefacts — all audit-ready
Evaluation output
What it contains
Primary reader
Custody Degree Assessment
Recommended D1 through D5 assignment with evidence rationale for each dimension evaluated. Degree assignment is traceable to the custody architecture, not asserted from a questionnaire.
CISO · Architecture team
Control-Level Mapping Document
Framework-specific control mapping showing the FII mechanism and named evidence for each control. Maps to, supports, and evidences your primary framework at paragraph or requirement level.
Compliance · Auditor · Board
Key Ceremony Assurance Score (CAS)
Witnessed key generation record, ceremony integrity notes, identified custody weaknesses, and the CAS score. Covers key generation, distribution, rotation, and destruction lifecycle events.
Legal · Governance · Risk
Quantum-Readiness Assessment
Retention horizon analysis, KEM design review, crypto-agility assessment, and PQC migration evidence. References NIST FIPS 203 (ML-KEM) and ISM Control 0457.
CTO · Risk committee
Board & Regulator Briefing Artefact
Two-page summary of custody architecture, obligations addressed, evidence held, and residual risk. Formatted for presentation to a board, regulator, or external auditor.
Board · Regulator · External auditor

Request a BlackGlass FII Custody & Quantum-Readiness Evaluation

No generic enquiry is required. This request is for the evaluation package described above.

Complete the evaluation request on the GABEY Consulting submission page. We will confirm scope, outline the five-artefact delivery package, and schedule the engagement. The form takes less than two minutes to complete.

Complete evaluation request → Opens gabey.com.au — GABEY Consulting Pty Ltd secure submission page

References to APRA CPS 234, PSPF, ISM, PCI-DSS v4.0.1, GDPR, DORA, UK GDPR, NCSC CAF, SOC 2, CCPA, MAS TRM 2021, ISO/IEC 27001:2022, Privacy Act 1988 (AU), and NIST FIPS 203 are for analytical mapping and informational purposes only. All framework names, standard numbers, and regulatory references are the property of their respective owners and standards bodies.

GABEY Consulting Pty Ltd (ACN 121 511 055) and DotShield™ are not affiliated with, endorsed by, accredited by, or certified under any of the named regulatory frameworks, standards bodies, or government agencies, including APRA, the Australian Signals Directorate, NIST, the Monetary Authority of Singapore, or the PCI Security Standards Council.

Control-level mappings represent analytical assertions made by GABEY Consulting Pty Ltd. They map to, support, and evidence obligations under the named frameworks. They do not constitute regulatory certification, legal advice, or compliance assurance. Organisations should obtain independent legal and compliance advice in relation to their specific regulatory obligations.

The Key Ceremony Assurance Score (CAS) and custody degree assessment are proprietary evaluation instruments of GABEY Consulting Pty Ltd. They are not certified instruments under any named framework or standards body.

References to Diraq and the ACS Information Age article (May 2026) are factual citations from publicly available sources. GABEY Consulting Pty Ltd is not affiliated with Diraq, the Australian Computer Society, or the US Department of Commerce. The quantum timeline analysis represents an analytical assertion grounded in publicly reported information and NIST PQC standardisation guidance.

Completion of a BlackGlass FII Custody & Quantum-Readiness Evaluation does not constitute regulatory approval, certification, or legal compliance assurance under any named framework. © 2026 GABEY Consulting Pty Ltd. All rights reserved.

▸ Who this is for

CISOs, CROs, compliance managers, legal counsel, and architecture teams who need evidence-grade custody documentation for a board, regulator, or auditor. Engagement is available to Australian organisations and international organisations with Australian regulatory obligations.

▸ Methodology

The evaluation is grounded in the BlackGlass Theory framework published at doi:10.5281/zenodo.20388612 and the Conditional Consequence Mapping Methodology (CCMM) published at SSRN Abstract ID 6364078 and Zenodo doi:10.5281/zenodo.19382186. Both are independently citable and verifiable.

▸ What this is not

This is not a certification service. Completion of a BlackGlass FII Custody Evaluation does not constitute regulatory approval, certification, or legal compliance assurance under any named framework. Mappings are analytical assertions made at control level and evidenced in the evaluation output.

© 2026 GABEY Consulting Pty Ltd (ACN 121 511 055). All rights reserved. DotShield™ is a registered trade mark of GABEY Consulting Pty Ltd (TM 2602060). BlackGlass FII is a DotShield™ product. Methodology: doi:10.5281/zenodo.20388612. CCMM: doi:10.5281/zenodo.19382186.