Sceptre Link
Sceptre Link is a two-unit configuration designed for point-to-point connections.
- HEQA Security Sceptre qTx QKD Transmitter
- HEQA Security Sceptre qRx QKD Receiver
Sceptre Link can operate over a dedicated dark fiber or by multiplexing channels onto existing DWDM client traffic.
Sceptre Duo
Sceptre Duo is the industry’s first all-in-one QKD solution combining a transmitter, receiver, and key management system in a single 1U enclosure.
HEQA Security Sceptre Duo QKD Transmitter and Receiver: This device has the functionality of both Sceptre qTx and Sceptre qRx in the same box. It is a 1U device, comprising quantum transmission and reception devices and a processing unit used for the computational portions of protocol and key management.
Purpose-built for trusted node deployments, with a single 1U unit that serves 3 purposes: Alice, Bob, and KMS.
- Enhances the network security, as the encryption keys are not leaving the internal processor on key forwarding.
- Saves rack space, reduces installation and management complexity, and provides a compact building block for different network topologies.
- Sceptre Duo can operate over a dedicated dark fiber or by multiplexing channels onto existing DWDM client traffic.
HEQA Security Software
- Control and Monitor UI: Web-based software running on the QKD units, based on HEQA Security’s API. The UI presents a real-time monitor of the system state and telemetries.
You use the UI for the installation, configuration, and management of the system, the KMS and the NetKMS. You need a computer (Windows or Linux) with a web browser to connect to the Control and Monitor UI, locally or remotely.
The GUI and API support role-based access control, encrypted, and authenticated with username ans password with JWT. - Pair Key Management Systems (KMS): Software running on the QKD units, responsible for managing encryption keys within a QKD pair and delivering these keys to the routers, encryptors, or network-level KMS.
- Network Key Management System (NetKMS): Distributed software running on all the QKD units in the network, responsible for key forwarding between QKD pairs, Duo units, and trusted nodes, enabling the deployment of ring, star, and mesh QKD networks with trusted nodes.
- Defense in depth: The NetKMS software supports integrated Post-Quantum Cryptography (PQC) alongside QKD key management. This enables dual-layer keygeneration, where a PQC ML-KEM key compliant with current NIST recommendations is generated end-to-end, and combined with the QKD key using an XOR operation. This ensures that if a trusted node were compromised, the level of security is at least the PQC level. The PQC functionality operates entirely within the NetKMS layer, with no dependency on the QKD optical path.
- ExeQutive - HEQA QKD Network Controller: Web-based software running on a dedicated server connected to all the QKD units in the network, based on HEQA Security’s API. The exeQutive is a single-pane-of-glass interface. It has two functions:
- QKD network controller: Real-time monitoring and telemetry of all the QKD systems in the network. It also provides remote configuration and control over all the QKD systems in the network.
- NetKMS Controller: It provides remote configuration and control over KMEs, SEAs, and key routes in the QKD network.
