CONNECT WITH US
Monday 30 June 2025
Vietnam's new crypto law sets global standard for token regulation and licensing
Vietnam has emerged as a leader in global digital asset regulation with the approval of the Law on Digital Technology Industry on June 14, 2025. Taking effect on January 1, 2026, the law ends years of regulatory ambiguity by introducing clear licensing rules, compliance standards, and innovation incentives for the country's rapidly growing crypto market
Hardware Security
Hardware security is crucial for providing robust protection for sensitive data in our increasingly interconnected environment. Relying solely on software protection is insufficient to prevent the rising threats of remote cyberattacks.
Wednesday 9 July 2025
TRI unveils new multi-camera AOI, TR7500 SIII Ultra
Test Research, Inc. (TRI), the leading test and inspection systems provider for the electronics manufacturing industry, proudly introduces the new TR7500 SIII Ultra. The new Multi Camera AOI solution features advanced inspection technology, delivering industry-leading speed and precision for electronics manufacturing.The new AOI TR7500 SIII Ultra features Multi-Angle Side View inspection with four side-angled cameras and one top camera for full coverage defect detection. The side view cameras allow the platform to inspect inner layer bridges, hidden lifted leads, and other out-of-sight defects. The TR7500 SIII Ultra also supports optional capabilities such as AI-powered inspection, Metrology-grade measurements, and 3D laser imaging to enhance accuracy and coverage.Built on the same high-precision platform as TRI's flagship TR7700Q SII, the TR7500 SIII Ultra enhances mechanical performance with Ballscrew Z-axis control and an AC Servo Motion Controller. The structural design has also been significantly upgraded. Compared to its predecessor's welded steel frame, the TR7500 SIII Ultra is built on a vibration-resistant cast iron base that provides superior rigidity and inspection stability. The system supports PCB weights up to 3 kg, with optional configurations for 5 kg and 12 kg.The TR7500 SIII Ultra supports current Smart Factory and communication standards, including SMEMA, SECS/GEM, IPC-CFX-2591, and IPC-HERMES-9852, ensuring a cost-effective, Industry 4.0-compliant solution for comprehensive defect detection and data exchange.For more information about the TR7500 SIII Ultra, please visit the link below,https://www.tri.com.tw/en/product/product_detail-11-2-1844.htmlTR7500 SIII Ultra – Multi-camera AOI system for high-precision, all-angle inspection
Tuesday 8 July 2025
Focusing on Taiwan and Southeast Asia, Seasalt.ai crafts AI assistants for local needs
Various generative AI tools and services have gradually permeated everyday life and the workplace, driving rapid market growth and attracting startup teams to enter the field. Founded in Seattle in 2020, Seasalt.ai is one of the rising stars that began developing intelligent voice solutions even before the current generative AI boom.With a focus on the linguistically diverse and densely populated Southeast Asian market, the company has established Taiwan as its development and support center, offering AI-powered customer service agents and meeting assistant tools that excel in accurately recognizing local accents and understanding nuanced semantics.Co-founded by CEO Xuchen Yao and CTO Guoguo Chen, Seasalt.ai marks their second entrepreneurial collaboration. Instead of competing in dominant markets like the U.S. and China, the duo chose to focus on Southeast Asia - a region often overlooked by major tech giants."Our company name, Seasalt AI, not only comes from our roots in Seattle but also reflects our target market - Southeast Asia (SEA)," said Yao. He noted that most AI voice tools on the market tend to overlook the less widely spoken languages in the Southeast Asian region. "But these underrepresented areas are home to large populations and many businesses in need of support. Filling in the gaps left by the tech giants has become a unique opportunity for us."Seasalt.ai offers an AI meeting assistant, SeaMeet Copilot, which provides real-time meeting transcripts, structured summaries, and action items for each meeting. It seamlessly integrates with Google Meet - popular among local users - and is specifically optimized to recognize Taiwanese accents, accurately understanding complex sentences that mix both Chinese and English.Cloud-Based and Subscription: Ensuring Security and Product FlexibilitySeasalt.ai also offers the SeaX platform - an all-in-one omnichannel solution for businesses. It integrates voice and text to support AI-powered messaging and phone-based voice calls, with a focus on outbound marketing. The platform enables natural language Q&A summaries, bilingual Chinese-English interaction, and smooth integration with existing workflows.According to Seasalt.ai, SeaX empowers companies to book appointments via AI voice assistants, engage in two-way conversations, track marketing campaigns across SMS, WhatsApp, and phone, discover customer buying intent, analyze user behavior, and conduct surveys - bringing automation and personalization into one seamless system.Another key advantage is the speed of deployment. According to Yao, in the case of assisting the Taiwan External Trade Development Council (TAITRA) with building a customer-facing chatbot with GenAI, Seasalt.ai successfully launched it in just three months, compared to competing solutions with last-generation technology (such as Natural Language Understanding) that would have taken up to two years.Chen highlighted the usability of Seasalt.ai's tools, stating: "Approximately 70% to 80% of users are able to set up and maintain their AI chatbots independently using our documentation and examples. Only about 10% to 20% of large enterprise clients necessitate custom development."Regarding deployment strategy, it is important to keep product features up to date due to the rapid advancement of generative AI. Therefore, a cloud-first approach is often recommended, supplemented by customized private cloud solutions for clients with stricter data security requirements.Rapid Tech Growth: Pros and Cons for AI StartupsSeasalt.ai was born during the global outbreak of COVID-19. At that time, Taiwan's strict pandemic control measures and its startup-friendly environment made it an ideal springboard for the company's expansion into the Southeast Asian market.As one of the standout alumni of SparkLabs Taiwan, Seasalt.ai also benefited greatly from its collaboration with Taiwan Tech Arena (TTA), gaining valuable resources for growth. In December 2024, the company announced the completion of its seed funding round, raising NT$130 million. Investors included Z Venture Capital (ZVC), the corporate venture arm of LINE.In view of the rapid advancements in AI technology and the fast-evolving market landscape, Chen stated, "We began early and possess extensive knowledge of the field, allowing us to swiftly integrate new technologies. However, much of our initial work needs to be revised." He added that the plethora of new technological resources has also empowered Seasalt.ai to quickly update product features and improve user experience, thereby maintaining market competitiveness.Chen observed that the rapid advancement of generative AI technology has reduced development barriers, enabling startup teams to create prototypes and test the market at lower costs and within shorter timeframes. However, the reduced entry barriers have resulted in an increase in competitors, making it more challenging for new players to distinguish themselves in the market.Looking forward, Yao articulated that Seasalt.ai aspires to establish itself as the market leader in Taiwan while simultaneously innovating new products. One such product is SeaHealth, an AI-powered assistant intended as a front office solution for hospitals and clinics to facilitate proactive healthcare messages and communications for patients with chronic illnesses or elderly individuals living alone. The company's vision is to provide more convenient and accessible AI tools to a broader range of users.SeaMeet Copilot supports multilingual meetings and audio uploads. Credit: Company
Tuesday 8 July 2025
Supply chain attack prevention: Robust integrity & remote attestation
In recent years, we have seen a rise in attacks of a previously unheard-of type – supply chain attacks. As attack prevention in systems becomes more and more sophisticated, including dedicated hardware and software, rogue players are moving to supply chain attacks to overcome systems before they have a chance to install and operate such protections.Supply chain attacksIn a nutshell, supply chain attacks target the systems during their production or shipment in order to install weaknesses before they reach their final destination. When an affected system is installed, it is already compromised. The weaknesses can then be used by the attackers at their will to infiltrate the systems, bypass protection mechanisms, and perform preplanned malicious actions.Since modern systems are created in multiple steps with components and processes sourced from global vendors, it is extremely hard for the vendors and the intended users to ensure everything is in perfect security order.In the past, it was sufficient to use logging and tracking, and in extreme cases, tamper-evident tapes and locks. It was a common belief that once a machine is assembled at the factory and put in a box, as long as that box reaches its destination intact, all is well.This is no longer true. Rogue organizations and even nations are using sophisticated technologies to mount hidden attacks at very early stages of the supply chain. This goes far back into the assembly process, component shipping, mass programming, and even component production. When looking at an electronic component with the naked eye, it's hard to tell an original from a counterfeit. And when that component is an essential part of the system operation and security, its replacement with a forged, potentially harmful one poses a serious security threat.We have learned of mystery components finding their way into high-profile servers, but this only tells part of the story. What if an attacker manages to create what looks like a genuine part and has that part assembled in an otherwise legitimate system? What will happen if that part holds code that the system will run? What if a remote attacker can use that to mount and unleash an attack at any given time?System makers are striving for a solution that is strong yet affordable, allowing them to verify authenticity and integrity of key components in the system at any stage of the supply chain, before and after assembly, before and after shipping, before and after deployment, and at any other time during the life cycle of that system.Securing the root of trustA Root of Trust (RoT) is a concept where a system starts from a known and secure state and measures every next stage of the execution chain before it is used, ensuring that only genuine code runs on genuine hardware. However, the root of trust must rely on some secure hardware and code that must be genuine, unaltered, and whole. If that RoT is compromised or replaced during some stage of the supply chain, there is no way of assessing the security state of the system.One solution that has been used before is a TPM (Trusted Platform Module) or some Secure Element. These are secure hardware devices with cryptographic capabilities that may be used to ensure the validity of the system. However, these components have many limitations. Their operation is strongly tied to the system software that they need to protect. Since these are discrete devices, they may also be replaced or bypassed. They are expensive and require more technical effort to be integrated, and they may not be adapted for all cases.Robust solution for securing the supply chainIf we can ensure that the system executes the original boot code, unmodified, and will not replace it at any stage with rogue code, and if we can remotely authenticate the code and the storage medium it is stored in, we can ensure that the system will be much less prone to the types of supply chain attacks we have described here. To do so, we need to add a mechanism to identify the storage medium in a cryptographically secure way and to ensure that it holds genuine, unmodified, and recent boot code.Boot code measurement and signature verification when done by software, is a known method which, as earlier noted, is not as safe as it should be since the software essentially measures itself.The stronger alternative is designing the storage medium to have these required capabilities. One way of doing so is to add a hardware based challenge-response enquiry mechanism to the storage medium, following a PKI (Private-Public Key Infrastructure) scheme, where the storage medium holds a unique private key that can be used to exclusively sign the challenge. The vendor can use this mechanism to query the storage medium at any time to verify that it's the genuine component arriving from the original manufacturer and assembled in the correct target system.A second, important mechanism, allows the vendor to verify the code stored in the device to ensure it is genuine unmodified and recent.Role of Post-Quantum Cryptography in supply chain protectionAs mentioned above, supply chain protection is based on PKI (Private-Public Key Infrastructure). Traditional crypto schemes such as RSA and ECC are no longer allowed for new designs. For that reason, Post Quantum schemes should be employed. One scheme that was adopted by NIST and CNSA is the Leighton-Micali (LMS) algorithm. This is a hash-based signature algorithm that is stateful, and as such, at the time of writing this, is practically impossible to break.Authenticated Code UpdateThe last piece of the puzzle has to do with secure update of the firmware code. Ensuring genuine code and code storage device is only good as long as the code does not need to be updated. When an update is deployed, it's essential to have the same level of protection as the rest of the supply chain. For that reason, code updates must also be signed and authenticated using PQC based algorithms and LMS algorithm was chosen for that purpose as well. It is used to sign the code updated, only this time the public key is stored in the storage medium, and the private key is used to sign the updates.To conclude, ensuring supply chain security requires robust measures such as remote attestation and cryptographic verification. Winbond Secure Flash enhances supply chain protection by integrating Post-Quantum Cryptography (PQC)-based remote attestation, ensuring that only authentic, unaltered flash device and firmware operates within systems. To learn more about Winbond's advanced security solutions, visit Winbond's website or contact Winbond directly, or download the latest Hardware Security White Paper.