I. Requirements Analysis
The rapid advancement of quantum computing poses a serious threat to existing cryptographic technologies. Guided by the strategic requirements of the global energy internet, the power industry adheres to the principles of "security zoning, dedicated networks, horizontal isolation, and vertical authentication." It has issued the "Notice on Matters Decided for Research and Application of Quantum Communication Technology," committing to explore the application of quantum communication technology to achieve technological upgrades and ensure network information security.
The Quantum Key Service Terminal (QKST) serves as the endpoint device of a quantum key distribution system, directly providing quantum-secure services for power applications. It collaborates with the Quantum Key Management Center to establish an integrated quantum security protection system encompassing management, service delivery, and application deployment.
II. Working Principle
The Quantum Key Service Terminal is a key management device integrating quantum key storage, distribution, relay, management, and application functions. It serves as an intermediate service layer built upon quantum key distribution equipment, providing services to key application devices. Quantum key distribution devices generate secure quantum keys between two locations using quantum encoding and decoding technologies. These keys are then handed over to the quantum key management service for administration. Through key storage, relaying, and distribution, the quantum key management service achieves secure synchronization and application of key information. Various key application devices, such as quantum key gateway devices and quantum secure switches, can obtain keys from the quantum key management service after passing its authorization authentication. The quantum key management service provides continuous, secure, and reliable key services to application terminals.
The quantum key service terminal manages and receives key injection from multiple quantum key distribution terminals, providing secure keys in real time to quantum key application layer software or hardware devices. Working in conjunction with the quantum key management center, it enables multi-tiered distributed quantum key application management.
III. Features and Functions
1. Supports secure storage of quantum keys;
2. Supports real-time high-speed key streaming distribution;
3. Supports multi-level quantum key relaying;
4. Supports concurrent access from multiple device types.
IV. Product Specifications
| Name | Parameters | Unit |
| Number of terminals supporting quantum key distribution | 1000 | / |
| Number of devices supporting quantum key applications | 1000 | / |
| Number of service terminals supporting quantum key distribution | 100 | / |
| Gigabit Ethernet port | ≥6 | / |
| Chassis Dimensions | 482.5 * 89 * 500 | mm |
| Power Supply | 100–240 V (dual power supply) | Vacant |
| Power consumption | ≤350 | W |
V. Typical Applications
1. Secure Communications for Power Dispatch Command Systems: Protection of Inter-Provincial/Regional Dispatch Instructions
① Provides "one-time-one-key" quantum encryption for five-tier dispatch commands ("national-network-provincial-regional-county"), preventing command tampering and theft under quantum computing attacks;
② Reducing the scheduling system's bit error rate from the conventional 1e-6 to 1e-18 ensures the security of SCADA system data for the "four remote functions" (remote measurement, remote signaling, remote control, and remote adjustment).
③ Quantum terminals are integrated into dispatch terminals to enable quantum-encrypted transmission of "power plant to substation" commands, ensuring command integrity even against quantum computing attacks.
2. Substation Security Protection and Monitoring: Protection of On-site Automation Systems
① Encrypt IEC 61850 protocol communications to prevent hijacking of control commands in smart substations;
② Provide quantum-secure authentication for relay protection devices to ensure the accuracy of protective actions;
③ Drone/Robot Inspection Security: Prior to inspections, drones obtain quantum keys from quantum key service terminals to ensure secure transmission of inspection data. Quantum-encrypted channels are provided for on-site intelligent devices (cameras, quadruped robots), establishing integrated "end-to-network-to-cloud" security protection.
3. Grid Integration Safety Assurance for New Energy: Secure Transmission of Aggregated Distributed Energy
① Two-stage quantum encryption scheme for aggregation and access: First, use wireless quantum encryption to securely aggregate dispersed small hydropower/photovoltaic data to regional control stations, then transmit it via fiber-optic quantum encryption to the dispatch system.
② Ensure secure transmission of AGC/AVC commands at new energy stations to prevent "pseudo-grid connection" attacks.
4. Security Enhancement for Distribution Network Automation: Security Hardening of Distribution Network Terminals
① Provide quantum key dynamic updates for distribution terminals such as FTUs, DTUs, and TTUs to prevent device cloning;
② Establish secure channels over the 5G public network using quantum CPE devices, reducing command transmission costs by 70% (compared to fiber optics).
