CONNECT WITH US
Monday 30 June 2025
Vietnam's new crypto law sets global standard for token regulation and licensing
Vietnam has emerged as a leader in global digital asset regulation with the approval of the Law on Digital Technology Industry on June 14, 2025. Taking effect on January 1, 2026, the law ends years of regulatory ambiguity by introducing clear licensing rules, compliance standards, and innovation incentives for the country's rapidly growing crypto market
Hardware Security
Hardware security is crucial for providing robust protection for sensitive data in our increasingly interconnected environment. Relying solely on software protection is insufficient to prevent the rising threats of remote cyberattacks.
Tuesday 8 July 2025
Focusing on Taiwan and Southeast Asia, Seasalt.ai crafts AI assistants for local needs
Various generative AI tools and services have gradually permeated everyday life and the workplace, driving rapid market growth and attracting startup teams to enter the field. Founded in Seattle in 2020, Seasalt.ai is one of the rising stars that began developing intelligent voice solutions even before the current generative AI boom.With a focus on the linguistically diverse and densely populated Southeast Asian market, the company has established Taiwan as its development and support center, offering AI-powered customer service agents and meeting assistant tools that excel in accurately recognizing local accents and understanding nuanced semantics.Co-founded by CEO Xuchen Yao and CTO Guoguo Chen, Seasalt.ai marks their second entrepreneurial collaboration. Instead of competing in dominant markets like the U.S. and China, the duo chose to focus on Southeast Asia - a region often overlooked by major tech giants."Our company name, Seasalt AI, not only comes from our roots in Seattle but also reflects our target market - Southeast Asia (SEA)," said Yao. He noted that most AI voice tools on the market tend to overlook the less widely spoken languages in the Southeast Asian region. "But these underrepresented areas are home to large populations and many businesses in need of support. Filling in the gaps left by the tech giants has become a unique opportunity for us."Seasalt.ai offers an AI meeting assistant, SeaMeet Copilot, which provides real-time meeting transcripts, structured summaries, and action items for each meeting. It seamlessly integrates with Google Meet - popular among local users - and is specifically optimized to recognize Taiwanese accents, accurately understanding complex sentences that mix both Chinese and English.Cloud-Based and Subscription: Ensuring Security and Product FlexibilitySeasalt.ai also offers the SeaX platform - an all-in-one omnichannel solution for businesses. It integrates voice and text to support AI-powered messaging and phone-based voice calls, with a focus on outbound marketing. The platform enables natural language Q&A summaries, bilingual Chinese-English interaction, and smooth integration with existing workflows.According to Seasalt.ai, SeaX empowers companies to book appointments via AI voice assistants, engage in two-way conversations, track marketing campaigns across SMS, WhatsApp, and phone, discover customer buying intent, analyze user behavior, and conduct surveys - bringing automation and personalization into one seamless system.Another key advantage is the speed of deployment. According to Yao, in the case of assisting the Taiwan External Trade Development Council (TAITRA) with building a customer-facing chatbot with GenAI, Seasalt.ai successfully launched it in just three months, compared to competing solutions with last-generation technology (such as Natural Language Understanding) that would have taken up to two years.Chen highlighted the usability of Seasalt.ai's tools, stating: "Approximately 70% to 80% of users are able to set up and maintain their AI chatbots independently using our documentation and examples. Only about 10% to 20% of large enterprise clients necessitate custom development."Regarding deployment strategy, it is important to keep product features up to date due to the rapid advancement of generative AI. Therefore, a cloud-first approach is often recommended, supplemented by customized private cloud solutions for clients with stricter data security requirements.Rapid Tech Growth: Pros and Cons for AI StartupsSeasalt.ai was born during the global outbreak of COVID-19. At that time, Taiwan's strict pandemic control measures and its startup-friendly environment made it an ideal springboard for the company's expansion into the Southeast Asian market.As one of the standout alumni of SparkLabs Taiwan, Seasalt.ai also benefited greatly from its collaboration with Taiwan Tech Arena (TTA), gaining valuable resources for growth. In December 2024, the company announced the completion of its seed funding round, raising NT$130 million. Investors included Z Venture Capital (ZVC), the corporate venture arm of LINE.In view of the rapid advancements in AI technology and the fast-evolving market landscape, Chen stated, "We began early and possess extensive knowledge of the field, allowing us to swiftly integrate new technologies. However, much of our initial work needs to be revised." He added that the plethora of new technological resources has also empowered Seasalt.ai to quickly update product features and improve user experience, thereby maintaining market competitiveness.Chen observed that the rapid advancement of generative AI technology has reduced development barriers, enabling startup teams to create prototypes and test the market at lower costs and within shorter timeframes. However, the reduced entry barriers have resulted in an increase in competitors, making it more challenging for new players to distinguish themselves in the market.Looking forward, Yao articulated that Seasalt.ai aspires to establish itself as the market leader in Taiwan while simultaneously innovating new products. One such product is SeaHealth, an AI-powered assistant intended as a front office solution for hospitals and clinics to facilitate proactive healthcare messages and communications for patients with chronic illnesses or elderly individuals living alone. The company's vision is to provide more convenient and accessible AI tools to a broader range of users.SeaMeet Copilot supports multilingual meetings and audio uploads. Credit: Company
Tuesday 8 July 2025
Supply chain attack prevention: Robust integrity & remote attestation
In recent years, we have seen a rise in attacks of a previously unheard-of type – supply chain attacks. As attack prevention in systems becomes more and more sophisticated, including dedicated hardware and software, rogue players are moving to supply chain attacks to overcome systems before they have a chance to install and operate such protections.Supply chain attacksIn a nutshell, supply chain attacks target the systems during their production or shipment in order to install weaknesses before they reach their final destination. When an affected system is installed, it is already compromised. The weaknesses can then be used by the attackers at their will to infiltrate the systems, bypass protection mechanisms, and perform preplanned malicious actions.Since modern systems are created in multiple steps with components and processes sourced from global vendors, it is extremely hard for the vendors and the intended users to ensure everything is in perfect security order.In the past, it was sufficient to use logging and tracking, and in extreme cases, tamper-evident tapes and locks. It was a common belief that once a machine is assembled at the factory and put in a box, as long as that box reaches its destination intact, all is well.This is no longer true. Rogue organizations and even nations are using sophisticated technologies to mount hidden attacks at very early stages of the supply chain. This goes far back into the assembly process, component shipping, mass programming, and even component production. When looking at an electronic component with the naked eye, it's hard to tell an original from a counterfeit. And when that component is an essential part of the system operation and security, its replacement with a forged, potentially harmful one poses a serious security threat.We have learned of mystery components finding their way into high-profile servers, but this only tells part of the story. What if an attacker manages to create what looks like a genuine part and has that part assembled in an otherwise legitimate system? What will happen if that part holds code that the system will run? What if a remote attacker can use that to mount and unleash an attack at any given time?System makers are striving for a solution that is strong yet affordable, allowing them to verify authenticity and integrity of key components in the system at any stage of the supply chain, before and after assembly, before and after shipping, before and after deployment, and at any other time during the life cycle of that system.Securing the root of trustA Root of Trust (RoT) is a concept where a system starts from a known and secure state and measures every next stage of the execution chain before it is used, ensuring that only genuine code runs on genuine hardware. However, the root of trust must rely on some secure hardware and code that must be genuine, unaltered, and whole. If that RoT is compromised or replaced during some stage of the supply chain, there is no way of assessing the security state of the system.One solution that has been used before is a TPM (Trusted Platform Module) or some Secure Element. These are secure hardware devices with cryptographic capabilities that may be used to ensure the validity of the system. However, these components have many limitations. Their operation is strongly tied to the system software that they need to protect. Since these are discrete devices, they may also be replaced or bypassed. They are expensive and require more technical effort to be integrated, and they may not be adapted for all cases.Robust solution for securing the supply chainIf we can ensure that the system executes the original boot code, unmodified, and will not replace it at any stage with rogue code, and if we can remotely authenticate the code and the storage medium it is stored in, we can ensure that the system will be much less prone to the types of supply chain attacks we have described here. To do so, we need to add a mechanism to identify the storage medium in a cryptographically secure way and to ensure that it holds genuine, unmodified, and recent boot code.Boot code measurement and signature verification when done by software, is a known method which, as earlier noted, is not as safe as it should be since the software essentially measures itself.The stronger alternative is designing the storage medium to have these required capabilities. One way of doing so is to add a hardware based challenge-response enquiry mechanism to the storage medium, following a PKI (Private-Public Key Infrastructure) scheme, where the storage medium holds a unique private key that can be used to exclusively sign the challenge. The vendor can use this mechanism to query the storage medium at any time to verify that it's the genuine component arriving from the original manufacturer and assembled in the correct target system.A second, important mechanism, allows the vendor to verify the code stored in the device to ensure it is genuine unmodified and recent.Role of Post-Quantum Cryptography in supply chain protectionAs mentioned above, supply chain protection is based on PKI (Private-Public Key Infrastructure). Traditional crypto schemes such as RSA and ECC are no longer allowed for new designs. For that reason, Post Quantum schemes should be employed. One scheme that was adopted by NIST and CNSA is the Leighton-Micali (LMS) algorithm. This is a hash-based signature algorithm that is stateful, and as such, at the time of writing this, is practically impossible to break.Authenticated Code UpdateThe last piece of the puzzle has to do with secure update of the firmware code. Ensuring genuine code and code storage device is only good as long as the code does not need to be updated. When an update is deployed, it's essential to have the same level of protection as the rest of the supply chain. For that reason, code updates must also be signed and authenticated using PQC based algorithms and LMS algorithm was chosen for that purpose as well. It is used to sign the code updated, only this time the public key is stored in the storage medium, and the private key is used to sign the updates.To conclude, ensuring supply chain security requires robust measures such as remote attestation and cryptographic verification. Winbond Secure Flash enhances supply chain protection by integrating Post-Quantum Cryptography (PQC)-based remote attestation, ensuring that only authentic, unaltered flash device and firmware operates within systems. To learn more about Winbond's advanced security solutions, visit Winbond's website or contact Winbond directly, or download the latest Hardware Security White Paper.
Tuesday 8 July 2025
2025 Lean and Digital Initiative Presentation Conference concludes successfully, driving group transformation
To advance its digital transformation strategy and embody the CA-PDCA continuous improvement philosophy, ZDT (Zhen Ding Technology Group) successfully hosted the 2025 H1 Lean & Digital Initiative Presentation Conference. This event aimed to enhance corporate competitiveness. General Manager Chen-Fu Chien and senior executives from various units led the charge in promoting company-wide participation in lean and digital transformation improvements.In his opening remarks, General Manager Chen-Fu Chien emphasized that the proposal improvement conference is integral to ZDT's innovative culture. He stated that lean management and digital transformation serve as cornerstones for the Group's sustainable development. He urged all colleagues to proactively engage in improvements, participate fully, and focus on details, embodying the spirit of "never neglecting a good deed because it seems small" to achieve cumulative, long-term results.Organized by the Industrial Engineering Department, with participation from plant managers and judging committee members, the conference rigorously selected 8 outstanding proposals for the final presentation round. Presenters enthusiastically shared their experiences and achievements. Judges provided expert feedback from multiple perspectives, encouraging departments to amplify the benefits of these initiatives.The Gold Award of the 2025 Lean & Digital Initiative Presentation Conference was presented to the HB06 Laser Section team from the Flexible Printed Circuit Board (FPCB) Business Unit. Their winning proposal, "ESI Laser Efficiency Enhancement Improvement," utilized OEE big data analysis, process streamlining, and innovative improvement methodologies. It optimized laser precision calibration, delivered concrete benefits, and has been implemented in other plants. Notably, the number of proposals submitted in 2025 increased by 2.35 times compared to the same period last year, with cost improvement savings doubling. Digital platforms facilitated greater efficiency and transparency throughout the initiative.ZDT also promoted cross-unit benchmarking. Approximately 90 top-performing benchmark individuals were recognized and incentivized from various teams. They received cups personally inscribed by Chairman Charles Shen with the words "Kindness, Perseverance, Benefiting Others, and Gratitude," embodying the core ZDT culture that the Chairman expects all awardees to practice.General Manager Chen-Fu Chien commended all colleagues for their tangible improvement results and the excellent presentations during the finals. He directed plant managers and unit heads to prioritize and lead continuous improvement efforts. Furthermore, he instructed the Digital Transformation Center to conduct an in-depth analysis of the enabling improvement cases, develop systematic solutions to ensure realized benefits, disseminate successful practices to other units, and deepen the impact of the results. He also called for establishing a knowledge base of success stories, encouraging diverse innovation improvements such as cross-unit collaboration, industry-academia partnerships, and more. This ongoing effort aims to continuously deepen the Group's digital transformation and organizational evolution.