With the advancement of digital technology and the onset of the post-pandemic era, the human desire for emotional bonds has increased. The idol industry is experiencing substantial transformational challenges as fans grow discontented with unilateral idol worship and seek more interactive experiences. At the second "2025 AI Wave: Taiwan Generative AI Applications Hackathon," the "Disheveled in the Wind" team created an innovative solution merging physical dolls with AI technology, establishing a new paradigm for the idol economy, and won the Gamania Group Vyin AI's "AI Idol" category.Disheveled in the Wind wins "AI Idol" category with Aidol—an interactive AI companion that redefines emotional connection in fandom. Credit: CompanyThe "Disheveled in the Wind" team members are from Taiwan's National Tsing Hua University and National Central University. Their enthusiasm for the idol sector, combined with their robust technical expertise, led them to leverage generative AI technology to develop a sophisticated idol product capable of genuinely engaging with fans, addressing the market's need for emotional connection, and creating new value within the idol economy.Through comprehensive user research, the team discovered that most current idol products are unidirectional, showing a substantial lack of interactivity and genuine connection. Despite their profound devotion to their idols, fans are unable to establish authentic connections due to limited interactive resources. The user study findings reveal that fans are intrigued by the emotional depth, personality, and authenticity of their idols' voices. They anticipate receiving unique responses tailored to specific occasions, such as anniversaries and farewells, rather than mechanical, standardized interactions.In response, "Disheveled in the Wind" created an intelligent doll named "Aidol" that integrates interactive capabilities, vocal communication, and emotional memory functions. This device is advertised as an "AI idol that can accompany you" and has five primary purposes.The five key features include: first, the "share daily life" function, allowing users to upload photos to the cloud and receive feedback from idol about their lives; second, "personalized conversation memory," archiving previous interactions for a more authentic idol experience; third, "exclusive event reminder," automatically notifying users of birthdays, idol activities, and other important events; fourth, "multiple personality switching," offering various personality modes including energetic, gentle, dark, and comical; and fifth, "manual switch memory and interaction intensity," enabling users to regulate interaction pace and protect privacy. Through these features, "Aidol" delivers an unparalleled companionship experience while addressing the limitations of traditional idol products' one-way interactions.The technical architecture of Aidol is comprised of two components: cloud AI services and hardware.The doll features an integrated camera, microphone, speaker, sensor, and Bluetooth module that enable interaction through a mobile application. For cloud services and AI technology capabilities, the solution uses Amazon Bedrock, a fully managed service from Amazon Web Services (AWS) that makes high-performing foundation models, along with speech-to-text, text-to-speech, and natural language understanding services. The team also established a database of idol-exclusive quotes and catchphrases to enhance the naturalness of the interaction.The system's core employs Raspberry Pi to process sensors, networking, voice processing, and other modules, while also connecting to Gamania Group's API to access idol-exclusive sound resources. The prototype clip provided by the team in the competition clearly demonstrated the actual operation process of several activities such as shooting images, recalling discussions, and pushing events, and was well appreciated by the judges.This innovative idol product solution received widespread praise from the judges of Gamania Group Vyin AI's category. They commended the product for its comprehensive business plan and technically feasible implementation, noting its potential to create a unique companionship experience for fans while generating various revenue streams, including hardware sales, app subscriptions, and downloadable voice and appearance packages. Compared to existing market offerings, Aidol focuses on the emotional economy of idol fandom, demonstrates clear competitive advantages, and presents significant potential to become a major technological innovation in the idol industry.

Generative AI (GenAI) is swiftly revolutionizing corporate operations, product development, business models, and the overall ecosystem. According to a survey report published by Taiwan's Market Intelligence & Consulting Institute (MIC), in 2024, 19% of Taiwan's five major industries utilized GenAI or engaged in related activities, with the finance and insurance sector representing 25% and the manufacturing sector following at 22%. Amid the proliferation of Generative AI for developing AI assistants, some firms have found that their substantial investments in these assistants did not yield the expected results, leading them to terminate their AI projects and thus diminishing their overall competitiveness.Alpha Three wins with a smarter AI assistant—boosting accuracy through improved data chunking for enterprise knowledge Q&A. Credit: CompanyThe primary cause of the poor performance of AI assistants, according to "Alpha Three," the winning team in the "2025 AI Wave: Taiwan Generative AI Applications Hackathon" from Walsin Lihwa's "Smart Manufacturing" group, is the excessively small data chunking during pre-processing. This can easily disrupt the original document paragraph context, resulting in the AI model's misunderstanding deviations and a response content that is not sufficiently accurate.The team recommended that the "amount of text in a single PDF page" be used as the unit of chunk in order to preserve the natural paragraph structure and comprehensive context, as well as to prevent semantic discontinuity. The review committee unanimously recognized this method for successfully achieving three substantial advantages: "optimizing user query experience," "reducing the risk of hallucinations," and "enhancing semantic coherence and search and answer accuracy."Pre-competition training proves valuable; effectively utilizing AI tools to realize creativity"Alpha Three" utilized a steel standard inquiry as a test case and posed the question, "Does ASTM A276 steel grade 316Ti comply with the EN 10088-3 standard?" The AI system retrieved comprehensive information covering the chemical composition and standard specifications of steel grades. The content of the response is highly focused and accurately reflects the primary data. The AI system demonstrated extraordinary reliability in the application of enterprise knowledge by achieving a perfect score (1.0 out of 1.0) across the three metrics of "search relevance," "answer solidity," and "answer relevance."To achieve these results, the team utilized Amazon Web Services (AWS) to develop a comprehensive enterprise knowledge question-answering framework.PDF, PNG, JPG, and other file formats are uploaded to Amazon S3, the cloud object storage service, during the initial phase. The second phase is providing quick query services with a comprehensive language model and the Flask API. In the third phase, the team leverages Amazon Bedrock, a fully managed service that makes high-performing foundation models, to connect extensive language models, thereby improving scalability and reaction speed. Amazon Elastic Compute Cloud (Amazon EC2) is employed in the fourth phase to expedite API processing, thereby guaranteeing system stability and efficiency.The extensive system design includes data uploading, management, retrieval, and response, allowing users to easily submit inquiries and obtain prompt professional responses, which became a crucial factor in their victory.The "Alpha Three" team, comprised of recent information engineering graduates from National Taiwan University in 2024, observed that, despite their degrees in information-related fields, they were completely unfamiliar with contemporary mainstream AI tools in the face of the rapid advancement of Generative AI technology. The project was successfully completed within 30 hours, and the award was secured, thanks to the professional training provided by the organizer, which included a series of enterprise data workshops and AWS Generative AI workshops, as well as Walsin Lihwa's explanation of the steel standards.

IntroductionWith the increasing use of mobile devices, malware targeting smartphones and tablets has become more prevalent. Banking Trojans, in particular, are designed to steal banking credentials and financial information from mobile users.The modern trend in the Integrated Circuits industry is System on a Chip (SoC) and Microcontrollers (MCU), which integrate different discrete solutions, including security functions in a single IC. In particular, the Secure Element / Hardware Security Module (HSM)/UICC can be integrated into the SoC. The main motivations for this integration are reduced system cost, enhanced performance, and added-value functionality.The integrated security function in the SoC needs to meet the same security level as the discreet part. To address the security of integrated solutions and provide the industry with a unified set of security requirements to be fulfilled and clear to evaluate and asses, PP-0117, Secure Sub-System in System-on-Chip (3S in SoC) Protection Profile was developed.BackgroundCybersecurity statistics indicate that there are 2,200 cyber-attacks per day, with a cyber-attack happening every 39 seconds on average. In the US, a data breach costs an average of $9.44M, and cybercrime is predicted to cost $8 trillion by 2023.ENISA[1], in its "ENISA Threats Landscape 2022 Report", presented in several aspects that the segments which were affected the most were the Public Administration and the Finance sectors:Figure 1 ENISA: Reputational impact by sector[1] ENISA - European Union Agency for Cybersecurity, https://www.enisa.europa.eu/This figure points to the potential for negative publicity or an adverse public perception of the affected sector.In the following diagram, it can clearly be seen that the Public Administration and the Finance sectors suffered more seriously from damaged or unavailable systems, corrupted data files, or exfiltration of data compared to the other sectors:Figure 2 ENISA: Digital Impact by SectorSecure Element is a technical solution for digital payments via credit cards and mobile devices, as well as for identification and biometric purposes, such as passports and personal IDs.Since this device secures critical data, governmental bodies and private entities, such as credit card organizations, EMVCo[2], mandate that it be certified to Common Criteria EAL 5+ when using PP0084 – Security IC Platform Protection Profile with Augmentation Packages (Eurosmart, 2014)[3]. Till today more than 250 product certifications were done claiming for this PP.With the integration of the Secure Element in SoC, new challenges/threats were raised on top of the existing challenges/threats of the secure device with high resistance to physical and logical attacks:• Preventing the insecure state of the product by disturbing the boot process and enabling manipulation of the product by hostile software or malicious code.• Preventing content abuse of the data and code stored at the external non-volatile\volatile memory which is part of the SoC architecture by the attacker which accesses the external memory for disclosing or modifying the content of the external memory used by the secure component and by compromising confidentiality and/or integrity of secure content to be protected by the secure component.• Preventing Cloning of the content stored in the external memory or physical replacement of the external memory of the data and code stored at the external non-volatile\volatile memory.[2] EMVCo - https://www.emvco.com/about-us/overview-of-emvco/[3] Security IC Platform Protection Profile with Augmentation Packages : https://www.commoncriteriaportal.org/files/ppfiles/pp0084b_pdf.pdf• Preventing the ability of replay commands, the write, erase or responses to the read commands between the security component and the external memory, to affect the freshness of the content read from or written to the external memory. Preventing Unauthorized rollback of content.• Preventing the attempt to read the content of the external memory, record it, and later write it back to the external memory after the original content was updated by the Security component.• For SoC architecture that uses Secure Memory, the interface between the secure memory and the secure component should be protected from being blocked or intercepted by an attacker eavesdropping on the interconnection bus (e.g., by a man-in-the-middle attack), to disclose the user data and/or code data being written to or read from the secure external memory before security services are executed or finalized by the secure external memory.SoCs with integrated security functions appeared in the market and the security evaluation was done in a way of a mixture of PP0084 or part of it with extended requirements which might reflect the newly innovated device. No unified requirement. The challenge was to define all aspects of using and protecting the security functions when it is being integrated into the SoCThe methodEurosmart took the challenge and established a technical working group under its domain, ITSC. The subgroup includes Eurosmart members from the industry: semiconductor companies, software companies, ITSEF involved in evaluating security devices, Certification bodies, and consultants in this field.The national certification bodies were invited to the working group even though they are not Eurosmart members.On top of it, a liaisons\sharing was established with stakeholders who are referring \ interested \using this Protection Profile:A. Peers working groups: JHAS and ISCI-WG1.B. Organizations that reference the PP: FIDO, GlobalPlatform, GSMA.C. ENISA – for the alignment with CSA-EUCC which will be the scheme for this PP once the act will be implemented.The resultPP0117, Secure Sub-System in System-on-Chip (3S in SoC) Protection Profile includes the following:The TOE (Target of Evaluation) is "a Secure Sub-System (3S) implemented as a functional block of a System on Chip (SoC). The TOE implements a processing unit, security components, I/O ports and memories to provide a range of security functionalities covering a defined set of security objectives. The TOE provides its security features and security services isolated from the remaining SoC components, based on physical and/or logical isolation mechanisms. The TOE may rely on external memories to store content (data, code or both)."Figure 3: The Target of Evaluation (TOE)The TOE can be delivered as hard macro and/or programable macro, PL macro, as was defined in the team objectives.On top of it, the usage of external memory in different stages of the life cycle should be considered as well.The team strives to develop as generic as possible life cycle and highlight the new aspects of this architecture. It was clear that the new life cycle requires elaboration. With the cooperation with ISCI-WG1 a supplement guidance document, "Life-Cycle Model (LCM) Related Evaluation Aspects" was developed with more explanations related to the aspects that need to be fulfilled and assessed in the different phases of the life cycle.Figure 4: TOE Life CycleThe Protection Profile was structured with a base package of minimum requirements for any Secure Sub-System in a SoC, plus optional packages to address additional industry-specific needs arising from the architecture:• External Memory packages (Passive and Secure, volatile and non-volatile memory) – The restrictions related to the security of the data and code that are stored in the external memory.• Loader Package – The restrictions in loading functionality of the TOE Software or Composite Software from external memory.• Crypto Package - Framework for the integration of various cryptographic algorithms supported by the TOE. For addressing the need to be a generalized PP, this package, contrary to PP0084, doesn't define specific algorithms to implement but general instructions regarding the usage of recognized cryptographic algorithms.• Composite Software Isolation Package - The isolation features enable the separation between different software packages which may be delivered by different developers.Figure 5 PP Packages structureThe Security Problem Definition (SPD) which includes the assets to be protected, the threats, policies, and assumptions was developed in light of the collaboration with the JHAS group.In the Security Objectives section, dedicated objectives were defined related to the new approach of the TOE form (hardmacro\ PL macro).The base package of the Security Functional Requirements (SFRs) includes the PP0084 SFRs but for fulfilling the TOE need to be a Root of Trust, additional requirements for unique identification were included.The integration of the security sub-system in a non-secure SoC leads to the need to define the TOE as a way it provides its services isolated from the other SoC components based on physical and/or logical isolation mechanisms.The challenge in enabling integration of certified sub-systems in a non-secure system required new practices to be done by the developer and to be assessed by the ITSEF – the developer should instruct in which conditions the integration should be done and the ITSEF should verify that the integration was followed and no compromising of security was inspected during this process.Dedicated refinements related to the integration were added to the Security Assurance Requirements (SARs) for the ITSEF to verify the process was defined and done with no compromises.The evaluation was done by SGS with the supervision of BSI.SummaryPP0117 represents a significant advancement in cybersecurity certification for integrated systems. By providing a unified, flexible framework, it bridges the gap between traditional discrete certifications and modern integrated solutions, ensuring robust protection for sensitive data in an increasingly interconnected world.Winbond supports PP0117 by offering the W75F Secure Memory, which fulfilled the Secure External memory package. With Winbond EAL 5+ certified secure Flash, PP0117 can be claim in a composition with Winbond device and offer trusted external memory solution within SoC architectures. For more information, please visit Winbond website or download the latest Hardware Security White Paper.