
387 results found for a blank search
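- 2022 Taiwan Enterprise Cyber Exposure Survey | Tiaiss│台灣智慧安防工業同業公會
2022-09, KPMG Taiwan (KPMG 安侯建業). News source: https://home.kpmg/tw/zh/home/insights/2022/09/2022-tw-cyber-risk-report.html

Taiwan has recently been facing the risks of a seismically active period, and blind faults, which normally do not show at the surface, are again being widely discussed by the public. According to Wikipedia, a blind fault is a type of fault that has not ruptured through to the surface, so nothing looks abnormal from above ground. Most maps do not show the actual location of such faults either; they may only be discovered when an unexpected earthquake strikes. The cybersecurity risks facing Taiwanese enterprises show a similar "blind fault" phenomenon.

Through its CEO 2022 Outlook, KPMG Taiwan observed that CEOs of Taiwanese companies generally have higher-than-global-average confidence in their organizations' cybersecurity. To keep companies from "feeling good about themselves" and to help them find their "blind faults" and break through blind spots, KPMG brought together experts from across the cybersecurity field to publish the 2022 Taiwan Enterprise Cyber Exposure Survey report. The survey covers six industries: finance, semiconductors, computer and peripheral manufacturing, e-commerce, core supply chain, and startups. The report identifies latent cybersecurity risks in local companies, so that each industry in Taiwan can review, from a hacker's point of view, whether its current network defenses are sufficient and whether its response staffing is in place. Across a sample of 60 Taiwanese companies, the average exposure rating was only grade C (70 to 80 points), a level that a hacker with ordinary skills can usually breach.

[2022 Taiwan Enterprise Cyber Exposure Survey] (download to understand enterprise cybersecurity risk): https://assets.kpmg/content/dam/kpmg/tw/pdf/2022/09/2022-taiwan-cyber-risk-report.pdf

Key findings of the survey:

1. Most companies underestimate cyberattacks that originate from social media. Most companies have social media pages, and employees readily expose their company contact details on social media, which greatly raises the success rate when attackers launch targeted spear-phishing social engineering.

2. Security staffing is seriously insufficient across Taiwan's industries, a warning sign for enterprise security manpower. In the human-resources risk category (Human), the scores related to "security team strength" show an obvious staffing gap. External intelligence analysis indicates that more than half of the 60 surveyed companies may have no CISO or security staff.

3. Core supply-chain industries urgently need to strengthen network protection. Core supply-chain industries such as raw materials and transport not only rank last in average network protection score; nearly 50% of the companies in that industry also fall in the bottom 15 of the overall ranking.

4. The financial industry still performs best in network protection but faces a high level of challenge. The financial industry achieved excellent average scores in every dimension. But because the profits of financial cybercrime are enormous, the industry continues to suffer internal and external threats and challenges.

5. Adopting and certifying against international security standards significantly reduces cyber exposure. The survey found that obtaining international information security certification significantly improves security capability. Of the 60 Taiwanese companies, 21 hold certification to an international security management standard. Comparing exposure scores shows that the higher-scoring the group, the higher the proportion that has adopted and certified against international security standards.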
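- 11th Joint Meeting of the 1st Board of Directors and Supervisors
Venue: 海釣族真味園餐廳, 富吉廳 (No. 126, Sec. 2, Wenhua Rd., Banqiao Dist., New Taipei City), 2022 Nov 10 17:00~18:30

Main agenda:
1. Member admissions and suspensions
2. Review of the roster of member representatives for ROC year 111 (2022)
3. Draft 2023 income and expenditure budget and work plan
4. Discussion of the "candidate list", "ballot seal supervisors" and "election monitoring staff" for the 2nd-term board of directors and supervisors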
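- Briefing on consistency adjustments to the access control cybersecurity standard provisions and collection of feedback | Tiaiss│台灣智慧安防工業同業公會
Venue: 台灣文創訓練中心, 松江館 Room 755 (7F, No. 131, Songjiang Rd., Taipei City), 2022 0811 14:00~17:00

The IoT cybersecurity standard "Access Control System Cybersecurity Standard" (門禁系統資安標準) was established at the end of ROC year 110 (2021). The association, together with testing laboratories, is currently coaching vendors through submitting products for testing. Since June the association has held five coaching seminars and, after gathering information on the current state of products and valuable feedback at those sessions, has reported back to the Institute for Information Industry (財團法人資訊工業策進會, III). This meeting has been specially arranged so that III and vendors can discuss face to face and opinions can be collected, as a reference for future adjustment or revision of the provisions.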
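- 11th Joint Meeting of the 2nd Board of Directors and Supervisors
Venue: 台灣智慧安防工業同業公會 (4F, No. 663, Bannan Rd., Zhonghe Dist., New Taipei City), 2025 May 28 14:00~15:30

Discussion of proposals from the Security Industry Talent Training Committee:
• Tuition fees and the per-company quota for each session
• Plan to open an advanced class of the training course for security engineering technical personnel
• Cap on course subsidies for members

Main agenda:
• Member admissions
• Designation of an acting chairman, as the association's chairman is unable to carry out association affairs
• Resignation of the Secretary-General and appointment of an acting Secretary-General
• Preparatory group and election plan for the election of the 3rd-term board of directors and supervisors
• Draft management guidelines for association staff
• Invitation from The Security Solutions Association Of Singapore (SSAS) for the association to organize a delegation to the 2025 Singapore international security exhibition
• Extempore motion: suggested additions and amendments to the draft management guidelines for association staff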
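- Public Construction Commission formally issues the "Information Service Procurement Guidelines", effective immediately | Tiaiss│台灣智慧安防工業同業公會
2023-09-26, iThome. News source: https://www.ithome.com.tw/news/158976

How cybersecurity requirements are written into procurement contracts will depend on the system's security level: the requirements for basic-level systems take effect on 1 March next year (2024), and those for moderate- and high-level systems apply from 1 August.

Over the past twenty years, government information service procurement has seen many irregularities. With network risks occurring frequently and security threats intensifying, the government has also added various cybersecurity provisions to such procurement. But because the government lacked a complete set of cybersecurity specifications, each agency went its own way, which did nothing to raise the government's overall security protection.

Therefore the Public Construction Commission (工程會, PCC), the authority in charge of government procurement, the Ministry of Digital Affairs (數位發展部, moda), which is well versed in IT and cybersecurity, and IT and cybersecurity vendors and industry associations jointly drew up the government's Information Service Procurement Guidelines (《資訊服務採購作業指引》), with the Reference Table of Common Basic Cybersecurity Requirements for All Types of Information (Service) Procurement (《各類資訊(服務)採購之共通性資通安全基本要求參考一覽表》) serving as the cybersecurity reference for the protection level of each agency's information systems.

Wu Tze-cheng (吳澤成), Minister without Portfolio of the Executive Yuan and PCC Chairman, formally sent a letter to all government agencies on 25 September stating that, effective immediately, agencies' information service procurement may follow the Guidelines. In addition, government information systems are classified by sensitivity into basic (普級), moderate (中級) and high (高級) levels, and the corresponding security requirements are all listed in the Reference Table. In the letter, PCC formally specified that incorporating cybersecurity into procurement takes effect on 1 March next year (2024) for basic-level systems and formally applies from 1 August next year (2024) for moderate- and high-level systems.

● Effective immediately for all government agencies: the newly drawn-up Information Service Procurement Guidelines

The government has nearly NT$40 billion in information service procurement needs each year. But government agencies acting as Party A (the buyer) and the vendors providing IT and security services as Party B have for years faced disputes over contracts and payment that repeatedly end up in dispute mediation. Taiwan's long-standing exposure to cyberattacks and security threats also poses great challenges for security planning and contract performance when information systems are built, so that what were originally straightforward procurement cases end up in reduced-price acceptance, or even cannot be accepted at all.

In the past, the many irregularities in government information service procurement trapped agencies and IT service vendors in a vicious circle that was hard to break. PCC, moda, the IT and security industry and the industry associations therefore cooperated to draw up the Guidelines: Party B vendors proposed actionable items, Party A procurement staff evaluated them, and the items that can be carried out in practice were all included in the Guidelines.

PCC also hopes that the Guidelines will, across the whole procurement life cycle, remind agencies of the matters requiring attention in information service procurement, and help them make requirements clear, budget costs reasonably and reduce performance disputes. More importantly, apart from the incorporation of cybersecurity into procurement contracts, for which IT service and security vendors are given an adjustment period that depends on the system's protection level, the Guidelines take effect from the date of the letter (25 September) as a reference for each government agency handling information service procurement.

● Information service procurement now includes basic cybersecurity requirements; the reference table can serve as the basis for selection

According to moda's 2022 security monitoring intelligence statistics, the most serious security threats were scanning and probing (47.2%) and intrusion attacks (26.9%). If sensitive government information or citizens' personal data is stolen by hackers, however, public trust in the government is affected.

In recent years, therefore, the government has been adding differing cybersecurity provisions to information service procurement contracts. But many of the procurement staff responsible for agency IT and security do not themselves have IT or security expertise. Faced with the security requirements of information service procurement, apart from searching around or asking the IT vendors they work with, they lack a complete picture of security risk, so the provisions they draw up are incomplete and cannot really raise the agency's protection capability.

Given the diversity of government procurement, PCC believes that the common basic security requirements that different types of information service procurement should meet can all be consolidated and included in the contract templates, and that agencies conducting tenders can be offered different options of basic requirements according to the system's protection level: basic (general agencies), moderate (critical infrastructure) and high (sensitive agencies). This would not only strengthen security in government information service procurement but also use government procurement to steer industry development and jointly raise Taiwan's protection capability.

PCC said that moda agreed on 18 September this year to formally include the Reference Table as an annex to PCC's information service contract template. In future, agencies can, depending on the characteristics of each case, include all the listed security items in the relevant information service procurement contracts.

PCC also pointed out that, to give IT service and security vendors enough time to adapt to the Reference Table, the basic-level requirements in the table take effect on 1 March next year (2024), and the moderate- and high-level requirements apply from 1 August next year (2024).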
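- Industry applications and development trends of generative AI | Tiaiss│台灣智慧安防工業同業公會
2024-04-09, Department of Information Management, Ministry of Digital Affairs (數位發展部資訊處). News source: https://moda.gov.tw/press/multimedia/blog/10273

The unstoppable wave of generative AI

Generative AI (Generative Artificial Intelligence) refers to research and applications in which AI technology generates data that closely resembles real data, such as a news article, a piece of program code, paintings in various styles, or even a specific person's voice and likeness. These were once thought to be things only humans could do; now generative AI is becoming more and more "human-like" and can produce images, sound and text with a "human touch". This is technological progress, but it also has an impact on society as a whole: any message may now be not something a human expressed and conveyed, but a product of generative AI.

Although generative AI brings new challenges, it is undeniably like a "genie in the lamp": after seeing real data provided by humans, it can learn, imitate and produce new samples. Used appropriately, these outputs have the chance to make the world better. Generating new drug chemical formulas and material structures, for example, are places where generative AI can work its magic.

This article explains the technology behind generative AI and briefly introduces the AI evaluation center set up by the Ministry of Digital Affairs (moda below), along with AI evaluation and related mechanisms.

Deep generative models

Generative models have long been a hard problem in machine learning, and only began to advance by leaps and bounds after deep learning was introduced. The main technology used by today's generative AI is the "deep generative model".

In essence, a generative model learns a "probability distribution" from data. Taking text as an example, within a fixed text length a generative model will produce many different sentences, some of which look very much like sentences actually used by humans. If those sentences are picked out, the output can be made to look very much like real human language.

But how are those sentences picked out? One generation method is the energy-based model. Many of today's mainstream generative models, such as generative adversarial networks and diffusion models, also implicitly contain this idea (you could call it the founding titan of generative models). Continuing the example, in the training phase an energy-based model assigns scores to the real data that has been collected, and random data outside the range of the real data also receives corresponding scores. The model's goal is for real data to score lower (in the world of energy, a lower value means a higher probability) and random data to score higher. Through this training, the model learns which regions of samples are closer to reality.

In the generation phase, the model's guidance can then be used to move generated samples toward lower scores, producing content closer to real data. This is how one kind of generative model works. Besides text, pictures and video can be generated on similar principles, and more forms of generative model application are bound to appear.

Security concerns of generative AI

Generative AI is developing rapidly. The "Transformer architecture", proposed only in 2017, has become the core architecture behind all kinds of AI services and products. AI used to play the role of an assistant or a helper for specific tasks in daily life; it is now gradually taking the shape of an agent that can produce output and make decisions. Many advanced technologies are under development, and besides looking forward to the changes they bring, the safety and impact of AI are crucial issues.

One of the most closely watched problems recently is that content produced by generative AI may mix false content with fact while its tone and style are extremely close to human writing. AI image generation has also almost reached the point where fake passes for real and is hard to tell apart. These situations greatly affect the understanding and difficulty of "fact-checking" and "a picture is proof". Although deep learning can handle complex data effectively, it also makes models so complex that they are hard to grasp.

In short, if a deep generative model produces some bad result (for example false information, or some people's personal data), we cannot debug its internal operation directly as we would a program, or repair it by deleting some code. How to systematically "control" and "measure" the output of generative AI is a field that urgently needs research. We can use alignment training or data quality to steer the model in the desired direction, and we can also pair it directly with other systems to guarantee the correctness of model output.

We also need to think about the role of generative AI products and services in society: if it is an "individual" that can interact, decide and handle matters like a person, what characteristics and values must it have? For example, whether its tone uses local expressions, or whether it can recognize and respect different cultures and ways of thinking, so that people of different backgrounds around the world can interact with generative AI more comfortably and with respect. Measuring and evaluating AI services is therefore the first step toward letting the public use AI with peace of mind.

AI Product and System Evaluation Center: a trustworthy AI verification and testing mechanism

In response to the challenges AI brings, under the framework of the "Smart Nation Development Program" (智慧國家發展方案) and the "Taiwan AI Action Plan 2.0" (臺灣 AI 行動計畫 2.0), moda established the "AI Product and System Evaluation Center" (AI 產品與系統評測中心, the AI evaluation center below) in December 2023. Its purpose is to build Taiwan's methods and specifications for evaluating AI products and systems, provide AI evaluation services, and gradually realize a trustworthy AI evaluation environment.

The AI evaluation center consists of a system promotion committee and a technical review group. The former promotes Taiwan's AI evaluation guidelines and evaluation system from the policy side, ensuring the system is fair and reliable. The technical review group starts from the technical side and assesses AI evaluation items and content, ensuring that evaluation techniques and methods are professional and complete. The overall structure is shown in the figure below.

The AI evaluation center draws up AI evaluation specifications and establishes an AI evaluation mechanism with reference to the international AI evaluation guideline items put forward by countries and organizations around the world, for example the International Organization for Standardization's ISO/IEC TR-24028, the US NIST AI RMF 1.0, and the EU AI Act.

Taking ISO/IEC TR-24028 as an example, this standard was published in 2020 to promote the trustworthiness and standardization of AI. It provides guidance to refer to when using AI, including 8 indicators for assessing and achieving trust in AI systems: Transparency, Explainability, Resiliency, Reliability, Accuracy, Safety, Security and Privacy. These are all important references for moda in building the AI evaluation mechanism.

On the operational side, starting this year (2024), AI testing laboratories accredited by the AI evaluation center will test products and systems and produce test reports; the test reports are then reviewed and submitted by AI verification bodies.

Because the most widely used output today is text produced by large language models (LLMs), moda's AI evaluation mechanism takes language models as its first main evaluation target, refers to existing international test methods, continues to develop Taiwan's evaluation tools and systems, and establishes evaluation items for language models.

The basic substance of AI evaluation is to test a model with designed prompts and content, analyze whether the model's responses meet each metric, and then provide recommendations on model updates and usage risk. For example, by asking an AI model a question with a definite answer, such as "Is Yushan the highest peak in Taiwan?", we can measure how close the AI system's output is to the true result and confirm "Accuracy".

Beyond accuracy, the current evaluation items also cover Safety, Explainable, Resilient, Fair, Accuracy, Transparency, Accountable, Reliability, Privacy and Secure, 10 items in all (see the chart below).

Items that cannot be tested automatically are reviewed manually by experts, who examine information such as the system's design purpose, training datasets and model architecture. Test question banks have been collected for the evaluation items and preliminary testing has started in parallel; for instance, moda has recently been testing in step with the progress of the TAIDE (Trustworthy AI Dialogue Engine) language model developed by the National Science and Technology Council (國科會).

Because different regional cultural backgrounds may lead to different readings of the same sentence, the development of AI cannot be decided unilaterally by large international companies; it should be adapted to each region's cultural background through fine-tuning, so as to better match actual local needs. moda will also actively gather society's expectations and turn them into AI evaluation guidelines, and welcomes large international companies such as Meta, Microsoft and Google to undergo evaluation and move together toward trustworthy and safe AI.

So how would generative AI itself explain generative AI? We asked TAIDE and received the following answer:

"Generative AI" is an artificial intelligence technology that can automatically generate diverse, high-quality data such as pictures, video, music and text. Its core concept is "generation", not simply "classification" or "recognition". Traditional deep learning methods focus on training models to classify or recognize input data, whereas generative AI tries to produce new content that has not appeared before. This ability lets AI create novel and unique works, such as computer graphics, music composition and text writing.

Generative AI has a wide range of applications, including but not limited to:

1. Computer vision: generating all kinds of images and videos, such as cartoons, art photography and human faces.
2. Music: producing new pieces, timbres, rhythms and so on, and even composing music for a specific scene or emotion.
3. Natural language processing: writing articles, poems, stories and so on, and also generating text content in various spoken and colloquial forms of expression.
4. Dialogue and communication: generating chatbots and virtual assistants with real context and artificial intelligence, and customer service platforms with automatically generated content.
5. Data augmentation: generating novel and plausibly credible data from scattered data, such as synthetic fake data and fabricated data, applied in databases, statistical analysis, scientific research and other fields.
6. Art and design: artworks such as AI-generated paintings, sculpture, architecture and product design are widely applied in digital art, digital sculpture, digital architecture, digital product design and other fields.
7. Medicine and health: developing new medical imaging and diagnostic techniques for analyzing medical images, diagnosing disease, predicting patient prognosis and so on.
8. Financial services: using generative AI to develop new financial tools and services, such as automatically generated financial news, investment advice and financial market forecasts.
9. Education and research: developing educational technology platforms, tools and software that can generate new knowledge and teaching materials, for use in scientific research, mathematical proof, historical analysis and other fields.

All of the above applications fall within the development scope of "generative AI", which means that with this technology we can provide unprecedented opportunities and possibilities for creation, innovation and decision-making.

Compared with content written by a real human, does it give you a different feeling?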
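- How can access control systems take the first step toward cybersecurity standard compliance? | Tiaiss│台灣智慧安防工業同業公會
2024-03-27, 全球安防科技網 (asmag). News source: https://www.asmag.com.tw/showpost/12881.aspx?

Following video surveillance systems (IP Camera, NVR/DVR, NAS), the Mobile Application Security Alliance (行動應用資安聯盟) formally released the "Access Control System Cybersecurity Standard V2.0 and Test Specification V2.0" (門禁系統資安標準V2.0 暨測試規範V2.0) on 30 January. For access control vendors, achieving compliance smoothly is nothing short of a major challenge.

a&s media has teamed up with the cybersecurity certification team of France's Bureau Veritas to plan a series of reports. They will address the cybersecurity standards for access control management platforms, gateway controllers, readers and door locks in turn, sharing with vendors, from the perspective of a third-party certification company, the points to watch and the compliance practices that can be put into effect. Stay tuned!

As technology keeps advancing, more devices, systems and services with IoT functions, including OT communication protocols (such as ModBus and BACnet), IT protocols (such as HTTPS and SFTP) and all kinds of transmission technologies, have been introduced in large numbers into smart building fields such as electromechanical control, refrigeration and air conditioning, fire and disaster prevention, and anti-theft security.

Access control security challenges and the global trend in cybersecurity standards

In this environment, access control systems are no longer only a symbol of physical security; the network and information security (cybersecurity) they involve is increasingly important. Research by Kaspersky Lab found that in the first half of 2019, 37% of the computers used to control smart building automation systems were affected by malicious attacks. News reports of leaked personal data from access control, hacked building signage and display screens, leaked video from surveillance systems and the like also appear one after another, which shows the importance of IoT security.

Since 2020, countries around the world have published many cybersecurity-related regulations, from the California IoT bill in the United States, Japan's Telecommunications Business Act and Germany's IT Security Act to the EU's Cyber Resilience Act. Without question, to respond to the regulations and regulators of each market, first-tier vendors in the smart building ecosystem have begun bringing the relevant cybersecurity standards into their own products, systems and even product development processes. International standards such as ISA/IEC 62443 and ETSI EN 303 645 are all material vendors can adopt. ISA/IEC 62443 in particular focuses on security risk in OT environments; vendors can build the baseline cybersecurity protection of their products across four layers: corporate governance, secure supply chain, product development, and product life cycle. By following the requirements in these international standards, vendors can not only protect the cybersecurity of their products but also build a technical moat in business terms.

The 3 basic test items of Taiwan's access control cybersecurity standard

In the Taiwan market, government bodies began drawing up a cybersecurity standard for access control systems in 2021. On 30 January this year (2024), the Mobile Application Security Alliance released Parts 1 to 6 of the "Access Control System Cybersecurity Standard V2.0 and Test Specification V2.0", covering 5 products: "access control management platform", "access control gateway controller", "access control reader", "smart door lock" and "facial recognition access control device". New specifications inevitably bring many challenges, however. Bureau Veritas recommends that, to take the first step toward compliance, access control vendors focus on the 3 most important test items in the access control security specification:

• Access control system security, Part 1-1: General requirements, 5.2.2.3 network service minimization test.
• 5.2.3.2 test of whether the operating system and network services contain common vulnerabilities with a CVSS v3 score of 9.0 or above.
• 5.2.3.3 high-risk vulnerability test of the web management interface.

With these 3 basic tests, access control vendors can learn the current state of their products and consider how their teams can improve the cybersecurity of access control products.

Test 1: Network service minimization

First, consider the 5.2.2.3 network service minimization test in Part 1 of the access control cybersecurity standard. The purpose of this test is to verify whether the access control product has any unexpected network ports. That means that before submitting a product for testing, the vendor must first understand which services the product exposes, whether they can be detected from other hosts, and whether having those services open is reasonable. Someone with malicious intent can detect and enumerate different services to gather further information and find a point of attack. With this test we can ensure that the access control system opens only necessary and known network services, reducing the attack surface and improving system security. The test also helps avoid unnecessary network connections and reduces potential risk.

Test 2: Common vulnerability testing

Second, the 5.2.3.2 test of the operating system and network services checks against operating system weaknesses currently known on the market, and the specification uses CVSS v3 9.0 as the cut-off. If common vulnerabilities with a CVSS v3 score of 9.0 or above are present, the system faces extreme risk, because these known vulnerabilities may be exploited by attackers, leading to attacks on the system, data leakage or impaired system functions. The purpose of this test is therefore to require vendors to keep the operating system on which the access control system runs updated and patched at all times, so that unpatched vulnerabilities do not become potential entry points. But because security incidents keep occurring, Bureau Veritas still recommends that, even after passing the test, vendors run operating system vulnerability scans regularly and keep updating and patching, to ensure the robustness of the access control system.

Test 3: Web management interface vulnerability testing

Finally, the purpose of the 5.2.3.3 high-risk vulnerability test of the web management interface is to verify whether the web management interface of the access control product contains high-risk vulnerabilities from the OWASP Web Top 10. OWASP (Open Web Application Security Project) is a global non-profit organization, and the Web Top 10 is compiled by a group of its security experts who follow web application risk over the long term and rank it by severity and frequency, with the aim of revealing the 10 most common web application security vulnerabilities. The web management interface is usually an important entry point for attackers, and the web management interface of an access control system may contain high-risk vulnerabilities such as SQL injection, cross-site scripting (XSS) and cross-site request forgery (CSRF). The purpose of this test is to ensure that these vulnerabilities do not become potential entry points. Running this kind of test routinely helps find and fix potential vulnerabilities early, improves the security of the web management interface, and guards against potential attacks.

Conclusion

Overall, cybersecurity testing of access control systems is an indispensable part of ensuring the security of the whole system. The 3 basic tests of network service minimization, common vulnerabilities and web management interface vulnerabilities let vendors first understand the current security state of their products and then draw up plans for patching or upgrading. As overall security awareness matures, we can effectively strengthen the cybersecurity of access control systems and protect users and information.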
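- List of banned products that endanger national cybersecurity: moda says about a thousand items are under control | Tiaiss│台灣智慧安防工業同業公會
2023-10-24, 資安人 (Information Security). News source: https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10761&mod=1

The Administration for Cyber Security (資安署) said the list is divided into more than 10 major categories, including network, system, database and robot categories; of the more than 1,000 controlled items, about 1/5 relate to databases and e-books.

The Ministry of Digital Affairs (moda) recently gave advance notice of amendments to the Cyber Security Management Act that prohibit the public sector from purchasing and using products that endanger national cybersecurity, but the list has not been made public. Digital Minister Audrey Tang (唐鳳) explained that the main consideration is that software services can easily be renamed, and that origin could be "laundered" as soon as the list is published.

When the Legislative Yuan's Transportation Committee reviewed moda's unit budget in the ROC year 113 (2024) central government general budget, Tang said in response to questions that an inventory of software, services and hardware products that China can effectively control shows that some ministries are indeed still using them. They will be replaced within a time limit, and if still in use will need to be used disconnected from the network.

Regarding products still in use and therefore placed under special control, Administration for Cyber Security Director-General Hsieh Tsui-chuan (謝翠娟) gave an example: some ministries need to query Chinese databases and read related papers for their work, so they need the chief information security officer to sign off on the use.

Legislators were concerned that downstream contractors to whom the public sector outsources might still purchase or use products that endanger national cybersecurity. Tang said:

● First, as in the earlier amendment of the "Principles for Restricting the Use by Agencies of Products that Endanger National Cybersecurity" (各機關對危害國家資通安全產品限制使用原則), venues such as Taiwan Railways advertising displays must also be covered by contract provisions.

● Second, the public sector's inter-entity supply contracts contain products that are used by 2 or more agencies, and agencies can choose from them, which amounts to a "whitelist". If a brand or product has never been seen before, agencies can ask moda, which hopes to guide purchases toward products that raise no concerns.

Tang said that cybersecurity requirements are now included in government IT procurement, that PCC and moda can review public-sector procurement items, and that if a product goes online to update for vulnerabilities, the Administration for Cyber Security will also know whether the related products are in use.

Interviewed after the meeting, Hsieh said that for the public sector most usable products are on a positive list, and that inquiries to moda currently average about 20-plus per month. The list of products that endanger national cybersecurity is divided into more than 10 major categories, including network, system, database and robot categories; of the more than 1,000 controlled items, about 1/5 relate to databases and e-books.

Asked by the media when all these controlled products can be replaced, Hsieh said that the number of products under special control in the public sector is about 1,000-plus and that they must be replaced when their service life ends, but that some products may continue to be used because there is no other choice locally, and complete replacement is indeed not possible.

Hsieh explained that some overseas missions have no other telecom operator to choose from locally and so must use the related products, since they still need to go online, but stricter control measures must then be added, including firewalls, security protection and network packet inspection.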
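- Generative AI is rising: who will you entrust your cybersecurity to? | Tiaiss│台灣智慧安防工業同業公會
2024-09-02, 科技新報 (TechNews). News source: https://infosecu.technews.tw/2024/09/02/generative-ai-information-security

Information security is not far from any of us, especially as Taiwan sits at the center of geopolitical conflict. According to Check Point Research's latest data for the second quarter of this year, Taiwan's average number of attacks per week is the highest in Asia-Pacific. With technology advancing at great speed and the world mired in geopolitical conflict, how will information security evolve?

Do you often see scam accounts impersonating celebrities on Facebook? Or do you remember that in 2022, when US House Speaker Pelosi visited Taiwan, the marquee display at a 7-11 store was broken into by Chinese hackers and showed the caption "Warmonger Pelosi, get out of Taiwan"?

Amazon Web Services (AWS) held this year's security conference "re:Inforce" under the theme "Security in the era of generative AI". Business Weekly (商業周刊) interviewed Amazon Chief Security Officer Steve Schmidt, who believes network information security faces two major challenges: first, the rise of generative AI makes attacks harder to recognize; second, since the Russia-Ukraine war, companies large and small have begun to encounter nation-state-level attacks.

Generative AI is changing how security operates. "The key is that both the attacking side and the defending side are changing, and both are becoming more efficient," he said.

On the defending side, AI lets engineers process large volumes of data faster and quickly pinpoint the vulnerabilities that need handling. "The era of having a bunch of people stare at a bunch of screens and slowly page through system logs is over."

AI-enhanced, nation-state-level attacks will become more common

The attacking side is strengthened by AI as well. Schmidt said, "Ransomware in particular is now a very common problem; five years ago simply does not compare with now." He stressed that this is not aimed at particular industries: everyone may encounter it, and small organizations that usually lack a large security team, including hospitals and local governments, are hard put to escape.

According to the FBI's "Internet Crime Report" last year, ransomware is not the largest category by number of complaints, but the growth in losses is striking, up 74% year on year. The top three targets were public health, critical manufacturing, and government organizations.

Schmidt explained that a common attack pattern is to first steal the identity of relevant personnel and then install malware on your systems, and attackers usually steal identities through phishing. "We used to be able to tell easily that a phishing email was badly written, with problems in grammar and logic, but generative AI lets attackers easily overcome those problems," he said.

Another major new challenge is that since the war in Ukraine began, Russia, in order to stop countries from shipping supplies to Ukraine, has begun targeting logistics, shipping and railway systems to try to stop them from transporting supplies. "This means these companies suddenly have to face nation-state-level attacks, which they have never encountered before."

With geopolitical conflicts now frequent worldwide, the "nation-state-level threats" companies face are unlikely to be limited to the Russia-Ukraine battlefield.

Taiwan's demand for cloud computing and security is also growing. AWS announced in June this year that next year it will launch "region"-level infrastructure in Taiwan, joining its current 33 region-level computing centers worldwide.

Taiwan previously had only "Local Zone"-level infrastructure, which is an extension of a "region" and still needs to connect to a region-level computing center to operate. Of this upgrade, Schmidt said, "It is because local (Taiwanese) manufacturing needs very low-latency transmission to access high-availability data (note: high availability means a service is not prone to failure or interruption), and this also helps them meet some security regulations."

Who to entrust information security to is one of a company's most important decisions

So where should one start in strengthening security? Schmidt suggests companies first think about: "What kind of data do you have? Where will the data be stored? How should it be stored? Who can access it? For what reason and at what point in time can they access it? How do you prove to government regulators that your protection is effective?"

Schmidt suggests companies can start with hardware for multi-factor authentication (MFA): the computer is fitted with an MFA token (authentication device), and without that token the data in the system cannot be accessed. "We encourage customers to do the same, because ordinary MFA such as SMS verification is simply not enough; unfortunately, SMS is actually easy to crack," Schmidt said.

On the software side, Schmidt pointed out, "Deciding which service provider will safeguard your company's security will be one of your most important decisions." AWS works with many security service providers; as an example, he said that if you are worried about identity theft, the greatest threat, you can turn to Okta, Ping Identity, CrowdStrike and others.

Schmidt also stressed that one should not assume small and medium-sized enterprises or traditional manufacturers are unsuited to moving data to the cloud because their digital capabilities are weaker. It is precisely because they lack enough IT talent to manage their own databases that they are better suited to using services like AWS and moving company data directly into professionally managed databases.

Security talent becomes a new focus in the AI era

"AI security talent" was another new focus frequently mentioned at the conference. Chris Betz, the current AWS Chief Information Security Officer (CISO), said at the conference, "Finding AI talent is hard now, and finding security talent is hard too, but finding people who understand the intersection of the two is even harder."

When "quantity" is not enough, one can only pursue "quality". Schmidt said, "Even though we are a very attractive company, it is not easy to hire people, because the global security talent pool is very limited, so we have to make our people more efficient in their work."

Being efficient means having real people judge only the ambiguous, gray-area parts. Computers are very good at judging yes or no, and this can be strengthened by AI, but they do not know what lies in between, and that is when smart real people are needed to handle it.

As AI flourishes, the demand for talent training rises with it. According to data provided by AWS, as of October last year the number of course certifications issued by AWS exceeded 1.26 million, an increase of 24% over the previous year.

Cross-disciplinary combination is another trend. Another interviewee, Hart Rossman, Vice President of AWS Global Security Services, told Business Weekly that today's most sought-after senior security leaders should ideally cover three areas: first, industry knowledge, because if you do not understand the industry it is hard to know what to protect; second, being comfortable in the technology field, ideally able to read code; third, knowledge of data science and machine learning.

The latter two seem hard, but in some cases he has seen, people completed the learning through courses in 6 to 9 months. "You don't need to go back to school and get a doctorate to know these things," Rossman said.

Amazon's current CEO Andy Jassy once said, "Security is our Job Zero", meaning that even the number-one job has to rank behind information security. An absolute requirement for security is an indispensable cornerstone of Amazon's becoming the leader in e-commerce and cloud. As security threats grow along with AI, the "Job Zero" mindset may become a required course for every company.

(Author: 曹博凱; reprinted with the authorization of Business Weekly (《商業周刊》); lead image: Image By Freepik)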
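- 12th Joint Meeting of the 2nd Board of Directors and Supervisors [Meeting Minutes]
12th Joint Meeting of the 2nd Board of Directors and Supervisors [Meeting Minutes], 21 August 2025, 6:30:00 AM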
- Facial recognition – fascinating and intriguing | Tiaiss│台灣智慧安防工業同業公會
2020-09-11, Thales Digital Communications. News source: https://www.thalesgroup.com/en/markets/digital-identity-and-security/government/biometrics/facial-recognition

In this web dossier, you'll discover the seven face recognition facts and trends set to shape the landscape in 2020:

• Top technologies and providers
• AI impact - Getting better all the time
• 2019-2024 markets and dominant use-cases
• Face recognition in China, India, United States, EU, and the UK, Brazil, Russia...
• Privacy vs Security: laissez-faire or freeze, regulate or ban?
• Latest hacks: can facial recognition be fooled?
• Moving forward: towards hybridized solutions.

Let’s jump right in.

How facial recognition works

Facial recognition is the process of identifying or verifying the identity of a person using their face. It captures, analyzes, and compares patterns based on the person's facial details.

• The face detection process is an essential step as it detects and locates human faces in images and videos.
• The face capture process transforms analogue information (a face) into a set of digital information (data) based on the person's facial features.
• The face match process verifies if two faces belong to the same person.

Today it's considered to be the most natural of all biometric measurements. And for a good reason – we recognize ourselves not by looking at our fingerprints or irises, for example, but by looking at our faces.

Thales has specialized in biometric technologies for almost 30 years. The company has always collaborated with the best players when it comes to research, ethics, and biometric applications.

Before we go any further, let's quickly define two keywords: "identification" and "authentication".
Biometrics are used to identify and authenticate a person using a set of recognizable and verifiable data unique and specific to that person. For more on biometrics definition, visit our web dossier on biometrics.

• Identification answers the question: "Who are you?"
• Authentication answers the question: "Are you really who you say you are?"

Stay with us. Here are some examples:

In the case of facial biometrics, a 2D or 3D sensor "captures" a face. It then transforms it into digital data by applying an algorithm before comparing the image captured to those held in a database.

These automated systems can be used to identify or check the identity of individuals in just a few seconds based on their facial features: spacing of the eyes, bridge of the nose, the contour of the lips, ears, chin, etc. They can even do this in the middle of a crowd and within dynamic and unstable environments. Proof of this can be seen in the performance achieved by Thales' Live Face Identification System (LFIS), an advanced solution resulting from our long-standing expertise in biometrics.

Owners of the iPhone X have already been introduced to facial recognition technology. However, the Face ID biometric solution developed by Apple was heavily criticized in China in late 2017 because of its inability to differentiate between individual Chinese faces.

Of course, other signatures via the human body also exist, such as fingerprints, iris scans, voice recognition, digitization of veins in the palm, and behavioural measurements.

Why facial recognition, then?

Facial biometrics continues to be the preferred biometric benchmark. That's because it's easy to deploy and implement. There is no physical interaction required by the end-user. Moreover, face detection and face match processes for verification/identification are speedy.

Best face recognition software

So, what is the best face recognition software?
#1 Top facial recognition technologies

In the race for biometric innovation, several projects are vying for the top spot. Google, Apple, Facebook, Amazon, and Microsoft (GAFAM) are also very much in the mix. All the software web giants now regularly publish their theoretical discoveries in the fields of artificial intelligence, image recognition, and face analysis in an attempt to further our understanding as rapidly as possible.

There's more. The very latest results of tests conducted in March 2018 and published in May by the US Homeland Security Science and Technology Directorate, known as the Biometric Technology Rally, also provide an excellent indication of the best face recognition software available on the market.

But let’s take a closer look:

Academia

The GaussianFace algorithm developed in 2014 by researchers at The Chinese University of Hong Kong achieved facial identification scores of 98.52% compared with the 97.53% achieved by humans. An excellent rating, despite weaknesses regarding memory capacity required and calculation times.

Facebook and Google

Again in 2014, Facebook announced the launch of its DeepFace program, which can determine whether two photographed faces belong to the same person, with an accuracy rate of 97.25%. When taking the same test, humans answer correctly in 97.53% of cases, or just 0.28% better than the Facebook program.

In June 2015, Google went one better with FaceNet. On the widely used Labeled Faces in the Wild (LFW) dataset, FaceNet achieved a new record accuracy of 99.63% (0.9963 ± 0.0009). Using an artificial neural network and a new algorithm, the company from Mountain View has managed to link a face to its owner with almost perfect results. This technology is incorporated into Google Photos and used to sort pictures and automatically tag them based on the people recognized.
Proving its importance in the biometrics landscape, it was quickly followed by the online release of an unofficial open-source version known as OpenFace.

Microsoft, IBM, and Megvii

A study done by MIT researchers in February 2018 found that Microsoft, IBM, and China-based Megvii (FACE++) tools had high error rates when identifying darker-skinned women compared to lighter-skinned men. At the end of June 2018, Microsoft announced in a blog post that it had made substantial improvements to its biased facial recognition technology.

Amazon

In May 2018, Ars Technica reported that Amazon is already actively promoting its cloud-based face recognition service named Rekognition to law enforcement agencies. The solution could recognize as many as 100 people in a single image and can perform face match against databases containing tens of millions of faces. In July, Newsweek reported that Amazon’s facial recognition technology falsely identified 28 members of US Congress as people arrested for crimes.

Key biometric matching technology providers

At the end of May 2018, the US Homeland Security Science and Technology Directorate published the results of sponsored tests at the Maryland Test Facility (MdTF) done in March. These real-life tests measured the performance of 12 face recognition systems in a corridor measuring 2 m by 2.5 m.

Thales' solution using facial recognition software (LFIS) achieved excellent results with a face acquisition rate of 99.44% in less than 5 seconds (against an average of 68%), a Vendor True Identification Rate of 98% in less than 5 seconds compared with an average 66%, and an error rate of 1% compared with an average 32%.

March 2018 – The live testing done using more than 300 volunteers identified the best-performing facial recognition technologies.
More on performance benchmarks:

• The NIST (National Institute of Standards and Technology) report, published in November 2018, details recognition accuracy for 127 algorithms and associates performance with participant names.
• The NIST Ongoing Face Recognition Vendor Test (FRVT) 3 performed at the end of 2019 provides additional results. See NIST report.
• NIST also demonstrated that the best facial recognition algorithms have no racial nor sex bias, as reported in January 2020 by ITIF. Critics were wrong.

Mid-June 2020, IBM said it will no longer offer facial recognition technology and will stop its research and development activities, and Microsoft pulled its face recognition solutions from law enforcement agencies in the United States. In a blog post published on 10 June, Amazon put a moratorium of one year on the use of its technology by police. The e-commerce giant said it’s giving time for federal laws to be initiated and protect human rights and civil liberties in this domain.

Facial emotion detection and recognition

Emotion recognition (from real-time or static images) is the process of mapping facial expressions to identify emotions such as disgust, joy, anger, surprise, fear, or sadness on a human face with image processing software. Its popularity comes from the vast areas of potential applications. It's different from facial recognition, whose goal is to identify a person, not an emotion.

Face expression may be represented by geometric or appearance features, parameters extracted from transformed images such as eigenfaces, dynamic models, and 3D models. Providers include Kairos (face and emotion recognition for brand marketing), Noldus, Affectiva, Sightcorp, Nviso, among others.

#2 Learning to learn through deep learning

The feature common to all these disruptive technologies is known as Artificial Intelligence (AI) and, more precisely, deep learning where a system is capable of learning from data. Why is it important?
It's a central component of the latest-generation algorithms developed by Thales and other key players in the market. It holds the secret to face detection, face tracking, and face match as well as real-time translation of conversations.

The result? Face recognition systems are getting better all the time. According to a recent NIST report, massive gains in accuracy have been made in the last five years (2013-2018) and exceed improvements achieved in the 2010-2013 period. Most of the face recognition algorithms in 2018 outperform the most accurate algorithm from late 2013.

In its 2018 test, NIST found that 0.2% of searches, in a database of 26.6 million photos, failed to match the correct image, compared with a 4% failure rate in 2014. Yes, you read that right. It's a 20x improvement over four years.

Think about it this way: Artificial neural network algorithms are helping face recognition algorithms to be more accurate.

#3 Facial recognition markets

A study published in June 2019 estimates that by 2024, the global facial recognition market would generate $7 billion of revenue, supported by a compound annual growth rate (CAGR) of 16% over the period 2019-2024. For 2019, the market is estimated at $3.2 billion.

The two most significant drivers of this growth are surveillance in the public sector and numerous other applications in diverse market segments. According to the study, the top facial recognition vendors include: Accenture, Aware, BioID, Certibio, Fujitsu, Fulcrum Biometrics, Thales, HYPR, Idemia, Leidos, M2SYS, NEC, Nuance, Phonexia, and Smilepass.

The main facial recognition applications can be grouped into three principal categories.

What is facial recognition used for?

Here are the top three application categories where facial recognition is being used.

1. Security - law enforcement

This market is led by increased activity to combat crime and terrorism.
The benefits of facial recognition systems for policing are evident: detection and prevention of crime.

• Facial recognition is used when issuing identity documents and is most often combined with other biometric technologies such as fingerprints (prevention of ID fraud and identity theft).
• Face match is used at border checks to compare the portrait on a digitized biometric passport with the holder's face. In 2017, Thales was responsible for supplying the new automated control gates for the PARAFE system (Automated Fast Track Crossing at External Borders) at Roissy Charles de Gaulle airport in Paris. This solution has been devised to facilitate evolution from fingerprint recognition to facial recognition during 2018.
• Face biometrics can also be employed in police checks, although its use is rigorously controlled in Europe. In 2016, the "man in the hat" responsible for the Brussels terror attacks was identified thanks to FBI facial recognition software. The South Wales Police implemented it at the UEFA Champions League Final in 2017.
• In the United States, 26 states (and probably as many as 30) allow law enforcement to run searches against their databases of driver’s license and ID photos. The FBI has access to driver’s license photos of 18 states.

Drones combined with aerial cameras offer an interesting combination for facial recognition applied to large areas during mass events, for example. According to the Keesing Journal of Documents and Identity of June 2018, some hovering drone systems can carry a 10-kilo camera lens that can identify a suspect from 800 meters from a height of 100 meters. As the drone can be connected to the ground via a power cable, it has an unlimited power supply. The communication to ground control can’t be intercepted as it also uses a cable.

Facial recognition CCTV systems can improve performance in carrying out public security missions.
Let's illustrate this with four examples:

• Find missing children and disoriented adults
• Identify and find exploited children
• Identify and track criminals
• Support and accelerate investigations

1. Find missing children and disoriented adults. Face recognition CCTV systems can significantly accelerate operators’ efforts by enabling them to add a reference photo provided by the missing child’s parents and match it with past appearances of that face captured on video. Police can use face recognition to search video sequences (aka video analytics) of the estimated location and time the child has been declared missing. Police officers can better figure out the child’s movements before going missing and locate where he/she was last seen. A real-time alert can trigger an alarm whenever there's a match. Police can then confirm its accuracy and do what's necessary to recover the missing children. The same process can be applied for disoriented missing adults (e.g. with dementia, amnesia, epilepsy, or Alzheimer’s disease).

2. Identify and find exploited children. Isolating the appearances of specific individuals in a video sequence is critical. It can accelerate investigators’ jobs in child exploitation cases as well. Video analytics can help build chronologies, track activity on a map, reveal details and discover non-obvious connections among the players in a case.

3. Identify and track criminals. Face recognition CCTV can be used to enable police to track and identify past criminals suspected of perpetrating an additional infraction. Police can also take preventive actions. By using an image of a known criminal from a video or an external picture (or a database), operators can use it to detect matches in live video and react before it’s too late.

4. Support and accelerate investigations. Facial recognition CCTV systems can be used to support investigators searching for video evidence in the aftermath of an incident.
The ability to isolate the appearances of suspects and individuals is critical for accelerating investigators’ review of video evidence for relevant details. They can better understand how situations developed.

2. Health

Significant advances have been made in this area. Thanks to deep learning and face analysis, it is already possible to:

• track a patient's use of medication more accurately
• detect genetic diseases such as DiGeorge syndrome with a success rate of 96.6%
• support pain management procedures.

3. Marketing and retail

This area is undoubtedly the one where the use of facial recognition was least expected. And yet quite possibly it promises the most. Know Your Customer (KYC) is sure to be a hot topic in 2020. This important trend is being combined with the latest marketing advances in customer experience.

By placing cameras in retail outlets, it is now possible to analyze the behavior of shoppers and improve the customer purchase process. How exactly? As with the system recently designed by Facebook, sales staff are provided with customer information taken from their social media profiles to produce expertly customized responses. The American department store Saks Fifth Avenue is already using such a system. Amazon GO stores are reportedly using it.

How long before the selfie payment? Since 2017, KFC, the American king of fried chicken, and Chinese retail and tech giant Alibaba have been testing a face recognition payment solution in Hangzhou, China.

#4 Mapping of new users

While the United States currently offers the largest market for face recognition opportunities, the Asia-Pacific region is seeing the fastest growth in the sector. China and India lead the field.

Face recognition in China

Face recognition technology is the new hot topic in China, from banks and airports to police. Now authorities are expanding the facial recognition sunglasses program as police are beginning to use them in the outskirts of Beijing.
China is also setting up and perfecting a video surveillance network countrywide. Over 200 million surveillance cameras were in use at the end of 2018, and 626 million are expected by 2020. The facial recognition towers in Chinese cities are emblematic of this move. This is linked to the social credit system the Chinese government is developing. In the top 10 cities with the most street cameras per person, Chongqing, Shenzhen, Shanghai, Tianjin, and Ji’nan are leading the pack. London is #6 and Atlanta #10, according to the Guardian of 2 December 2019.

There's more. Chinese police are working with artificial intelligence companies such as Yitu, Megvii, SenseTime, and CloudWalk, according to The New York Times of 14 April 2019. China's ambitions in AI (and facial recognition technology) are high. The country aims to become a world leader in AI by 2030. Surprisingly, China provides strong biometric data protection against private entities AND increases government's access to personal information. This paradox is evidenced by privacy expert Emmanuel Pernot-Leplay in his report dated 27 March 2020.

Facial recognition in Asia

Facial recognition will be a significant topic for the 2020 Olympic Games in Tokyo (postponed to September 2021). This technology will be used to identify authorized persons and grant them access automatically, enhancing their experience and safety. In Sydney, face recognition is undergoing trials at airports to help move people through security much faster and in a safer way.

In India, the Aadhaar project is the largest biometric database in the world. It already provides a unique digital identity number to 1.26 billion residents as of August 2020. UIDAI, the authority in charge, announced that facial authentication would be launched in a phased roll-out by September 2018. Face authentication will be available as an add-on service in fusion mode along with one more authentication factor like fingerprint, iris, or OTP.
India could also roll out the world's most extensive face recognition system in 2020. The National Crime Records Bureau (NCRB) has issued an RFP inviting bids to develop a nationwide facial recognition system. According to the 160-page document, the system will be a centralized web application hosted at the NCRB Data Center in Delhi. It will be accessible to all the police stations. It will automatically identify people from CCTV videos and images. The Bureau states that it will help police catch criminals, find missing people, and identify dead bodies.

Other large projects

In Brazil, the Superior Electoral Court (Tribunal Superior Eleitoral) is involved in a nationwide biometric data collection project. The aim is to create a biometric database and unique ID cards by 2020, recording the information of 140 million citizens. In Africa, Gabon, Cameroon, and Burkina Faso have chosen Thales to meet the challenges of biometric identity, in particular to uniquely identify voters.

Russia's Central Bank has been deploying a countrywide program since 2017 designed to collect faces, voices, iris scans, and fingerprints. But the process is progressing very slowly, according to the Biometricupdate website of 13 March 2019. The city of Moscow claims one of the world’s largest networks, with 160,000 surveillance cameras by the end of 2019, which are to be fitted with facial recognition technology for public safety. The roll-out started in January 2020. Russian law does not regulate non-consensual face detection and analysis.

#5 When face recognition strengthens the legal system

The ethical and societal challenge posed by data protection is radically affected by the use of facial recognition technologies. Do these technological feats, worthy of science-fiction novels, genuinely threaten our freedom? And with it, our anonymity?
EU and UK biometric data protection

In Europe and the UK, the General Data Protection Regulation (GDPR) provides a rigorous framework for these practices. Any investigations into a citizen's private life or business travel habits are out of the question, and any such invasions of privacy carry severe penalties. Applicable from May 2018, the GDPR supports the principle of a harmonized European framework, in particular protecting the right to be forgotten and the giving of consent through clear affirmative action. This directive is bound to have international repercussions. Yes, you read that correctly. There's now one law for 500 million people.

US biometric data protection landscape

In America, the State of Washington was the third US state (after Illinois and Texas) to formally protect biometric data through a new law introduced in June 2017. California was the fourth state as of January 2020. The California Consumer Privacy Act (CCPA), passed in June 2018 and effective as of 1 January 2020, will have a serious impact on privacy rights and consumer protection, not only for residents of California but for the whole nation, as the law is frequently presented as a model for a federal data privacy law. In that sense, the CCPA has the potential to become as consequential as the GDPR.

In July 2018, Bradford L. Smith, Microsoft’s president, compared face recognition technology to products like medicines that are highly regulated, and he urged Congress to study it and oversee its use. In May 2019, US Rep. Alexandria Ocasio-Cortez voiced her "absolute" concerns in a recent Committee Hearing on Facial Recognition Technology (Impact on our Civil Rights and Liberties).

More recently, a New York State law called the Stop Hacks and Improve Electronic Data Security (SHIELD) Act became effective on 21 March 2020. It requires the implementation of a cybersecurity program and protective measures for NY State residents.
The act applies to businesses that collect the personal information of NY residents. With the act, New York now stands beside California.

Facial recognition bans (San Francisco, Somerville, Oakland, San Diego, Boston...)

Privacy and civil rights concerns have escalated in the country as face recognition gains traction as a law enforcement tool and, on 6 May 2019, San Francisco voted to ban facial recognition. It is the first ban of its kind on the use of face recognition. The anti-surveillance ordinance signed by San Francisco's Board of Supervisors bars city agencies, including San Francisco PD, from using the technology as of June 2019. Yes, this includes law enforcement.

There's more. As reported by the Boston Globe of 27 June 2019, the Somerville City Council (Massachusetts) voted to ban the use of facial recognition, making the city the second community to take such a decision. Lather, rinse, repeat. On 16 July 2019, Oakland (California) took the same decision and became the third US city to ban the use of face recognition technology. It is interesting to note that the Oakland Police department is not using this technology and was not planning to use it.

San Diego took the same decision at the end of December 2019 in advance of the new Californian law. This new law (Assembly Bill 215, about facial recognition and other biometric surveillance) specifically prohibits the use of police body cameras in California. The ban is in place for three years as of 1 January 2020.

Since the San Francisco, Somerville, Oakland, and now San Diego rulings, the debate has been getting louder in many cities, and not only in the U.S. Portland (Oregon) is considering a ban for 2020. In early January, however, the vote was put on hold until June. Portland could be the first city to extend it to private stores, airlines, and event venues. On 24 June 2020, Boston voted to ban the use of face surveillance technology by police, as reported by the Boston Herald.
In Europe, at the end of August 2019, Sweden's Data Protection Authority decided to ban facial recognition technology in schools and fined a local high school (the first GDPR penalty in the country).

How to better regulate emerging technologies?

So... Should other cities or countries follow this example? Is the ban just a "pause button" to better assess risks? Is this a step backwards for public safety? Is there a policy vacuum? At which level? Stay tuned for the outcome of all these discussions, as the US Congress is getting pressure from activists to ban the technology and from providers (see box below) to regulate.

The EU Commission is planning to act on indiscriminate use of facial identifier technology. The new European Commission president Ursula von der Leyen wants a coordinated approach to the human and ethical implications of artificial intelligence. She has pledged to publish an AI legislation blueprint very soon. The very first draft of the European Commission white paper is available online. The document mentions “a time-limited ban on the use of facial recognition by private or public actors in public spaces.” Again the questions of privacy, consent, and function creep (data collected for one purpose being used for another) are central to the debate. Find more on biometric data protection laws (EU, UK and US perspective) in our biometric data dossier.

India and its national biometric identification scheme, Aadhaar

In India, thanks to the Puttaswamy judgment delivered on 27 August 2017, the Supreme Court has enshrined the right to privacy in the country's constitution. This decision has rebalanced the relationship between citizen and state and posed a new challenge to the expansion of the Aadhaar project. The Indian government, however, approved the use of the country's biometric EID program by private entities on 28 February 2019.

Rebound effect: the legal system and its professions get even stronger.
As both ambassadors and guardians of data protection regulation, the post of data protection officer has become necessary for businesses and a much sought-after role.

#6 The rebels – facial recognition hackers

Despite this technical and legal arsenal designed to protect data, citizens, and their anonymity, critical voices have still been raised. Some parties are concerned and alarmed by these developments. Some have taken action. But can facial recognition be fooled?

In Russia, Grigory Bakunov has invented a solution to escape the eyes permanently watching our movements and confuse face detection devices. He has developed an algorithm that creates special makeup to fool the software. However, he has chosen not to bring his product to market after realizing how easily criminals could use it.

In Germany, Berlin artist Adam Harvey has come up with a similar device known as CV Dazzle. He is now working on clothing featuring patterns to prevent detection. The hyperface camouflage includes patterns in fabric, such as eyes and mouths, to fool the face recognition system.

In late 2017, a Vietnamese company successfully used a mask to hack the Face ID face recognition function of Apple's iPhone X. However, the hack is too complicated to implement for large-scale exploitation. Around the same time, researchers from a German company revealed a hack that allowed them to bypass the facial authentication of Windows 10 Hello by printing a facial image in infrared.

Forbes announced in an article from May 2018 that researchers from the University of Toronto have developed an algorithm to disrupt facial recognition software (aka privacy filter). In August 2020, the Verge detailed a "cloaking" app named Fawkes. The software imperceptibly distorts your selfies and other pics you may leave on social media. The tool comes from the University of Chicago’s Sand Lab.
In short, a user could apply a filter that modifies specific pixels in an image before putting it on the web. These changes are imperceptible to the human eye but are very confusing for facial recognition algorithms.

The industry is working on anti-spoofing mechanisms, and two topics have been specifically identified by standardization groups: making sure the captured image has been taken from a person and not from a photograph (2D), a video screen (2D) or a mask (3D) (liveness check or liveness detection), and making sure that facial images (morphed portraits) of two or more individuals have not been joined into a reference document, such as a passport.

#7 Further together – towards hybridized solutions

The identification and authentication solutions of the future will borrow from all aspects of biometrics. This will lead to "biometrix" or a biometric mix capable of guaranteeing total security and privacy for all stakeholders in the ecosystem. It's very much the spirit of Thales Gemalto IdCloud Fraud Prevention, a risk assessment and fraud detection software for payments. In this solution, geolocation, IP addresses (the device being used) and keying patterns can create a strong combination to authenticate users securely for online banking or e-government services. This seventh trend belongs to us. It's our job to envisage it together and make it happen through high-added-value biometric projects.

Face recognition and you

Now it's your turn. The months to come hold many changes in store. Indeed, we can't claim to predict all the essential topics that will emerge in the short-term future. Can you fill in some of the gaps? If you've something to say on face recognition, tech or trends, a question to ask, or have simply found this article useful, please leave a comment in the box below. We'd also welcome any suggestions on how it could be improved or proposals for future articles. We look forward to hearing from you.
For a Chinese translation, see 3S Market: https://3smarket-info.blogspot.com/2020/09/blog-post_73.html
- About test | Tiaiss│台灣智慧安防工業同業公會
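Founding purpose

台灣智慧安防工業同業公會 was founded in December 2019. Its members are mainly engaged in the research and development, manufacturing and processing of hardware and software for monitoring, sensing, detection, access control, intercom and anti-theft alarm equipment or systems for image or voice data, and in integrated application services for the related data analysis and recognition (including system installation and maintenance).

The association was founded to support the development of the security industry, to drive industrial upgrading and new research and development, and to improve the quality and range of application of products and services. It will actively act as a channel for exchange, communication and coordination with government departments, and work to secure more rights and benefits for its members.

The association is committed to building a comprehensive resource platform for the industry that combines information exchange, technical cooperation, supply-and-demand matching and services, and to promoting cooperation across the industry chain through high-level dialogue, project matchmaking, exhibitions and forums.

Through services such as participating in the drafting of product standards and training security engineering personnel, the association promotes the standardized and sustainable development of the industry. It provides substantive help in opening up markets, matching technology with capital, and protecting information security and intellectual property rights, working with the industry toward high-end development.

Second-term board of directors and supervisors
Term: 16 December, year 111 to 15 December, year 114 (Republic of China calendar)

Chairman and Vice Chairman
江添貴, Chairman (昇銳電子股份有限公司, Chairman of the Board)
李新榮, Vice Chairman (杭特電子股份有限公司, General Manager)

Executive Director and Directors
藍明振, Executive Director (馥鴻科技股份有限公司, Chairman of the Board)
張隆進, Director (悅達科技股份有限公司, Vice President of Sales)
張達明, Director (漢軍科技股份有限公司, Deputy General Manager)
張嘉元, Director (慧友電子股份有限公司, Senior Manager)
郭吉榮, Director (鎧鋒企業股份有限公司, Chairman of the Board)
陳子恆, Director (通航國際股份有限公司, General Manager)
黃義宏, Director (躍訊實業有限公司, General Manager)
連智民, Alternate Director (維夫拉克股份有限公司, Chairman of the Board)
張心瑜, Alternate Director (翔光工業股份有限公司, Product Manager)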






