The artificial intelligence (AI) industry in Taiwan refers to the development, application, and commercialization of artificial intelligence technologies within Taiwan. The industry has grown alongside Taiwan's established strengths in semiconductor manufacturing and information and communications technology (ICT), and is supported by government policy, research institutions, and private sector participation. AI development in Taiwan has focused on integrating hardware capabilities with software applications across sectors such as manufacturing, healthcare, and smart infrastructure. Artificial intelligence has been identified as a strategic area of development in Taiwan since the late 2010s. While Taiwan has historically played a limited role in early theoretical and expert-system phases of AI development, its position in global electronics manufacturing has provided a foundation for participation in the contemporary era of machine learning and data-driven AI systems. Taiwan's AI industry is characterized by a strong hardware base, particularly in semiconductor production and AI server manufacturing, combined with increasing investment in software, data infrastructure, and applied AI services. The sector has been shaped by global demand for computing power, advances in deep learning, and the expansion of AI applications in industrial and commercial contexts. == Government policy and development == The Taiwanese government has promoted AI development through a series of national strategies. In 2017, the Ministry of Science and Technology launched the "AI Grand Strategy for a Small Country" initiative, investing approximately US$517 million between 2017 and 2021 to support research, infrastructure, and talent development. This initiative aimed to build a domestic AI ecosystem by funding research centers, expanding data infrastructure, and supporting industrial adoption. The Executive Yuan also introduced the AI Taiwan Action Plan 1.0 (2018–2021), which focused on integrating AI technologies into existing industries and strengthening research and development capabilities. A subsequent plan, AI Taiwan Action Plan 2.0 (2023–2026), expanded the focus to include ethical governance, regulatory frameworks, and risk management in response to the growth of generative AI technologies. In 2023, the Taiwan AI Center of Excellence (Taiwan AICoE), a government-backed hub, was established by the National Science and Technology Council to accelerate AI development, foster international collaboration, and train talent in Taiwan. It acts as a specialized think tank focusing on creating a "smart technology island" by integrating AI resources and developing trusted, human-centric AI technologies. In 2024, the Taiwan Chip-based Industrial Innovation Program (CbI) was launched by the Executive Yuan as a 10-year, NT$300 billion (US$9.3 billion) initiative to leverage Taiwan's semiconductor dominance, driving innovation in AI, smart mobility, manufacturing, and healthcare. It aims to combine generative AI with IC technology, cultivate talent, and attract global startups to build a "Silicon Island". In parallel, the Taiwanese government has explored legislative frameworks such as a proposed Artificial Intelligence Fundamental Act in December 2025, addressing issues including data protection, safety standards, and intellectual property. == Industrial structure == === Semiconductor and hardware foundation === Taiwan's AI industry is closely linked to its semiconductor sector. In 2020, Taiwan accounted for approximately 77.3% of the global wafer foundry market and 57.7% of packaging and testing, with a 20.1% share in integrated circuit (IC) design. These capabilities provide critical infrastructure for AI systems, which rely on high-performance computing hardware. Taiwanese firms are also involved in the production of AI servers and related components, contributing significantly to global supply chains for data centers and cloud computing. The integration of chip design, manufacturing, and assembly has enabled Taiwan to play a central role in providing the computational resources required for AI development. On 20 November 2025, Google established the "Google Taiwan AI Infrastructure R&D Center", second only to its US headquarters and largest AI hardware infrastructure engineering center outside of the United States. === Software and services === Compared to its hardware capabilities, Taiwan's AI software sector is less developed. The absence of large-scale global AI platform companies has been noted as a structural limitation. As a result, much of Taiwan's AI industry focuses on applied solutions, including customization of existing AI models for specific industries. Therefore, efforts to strengthen software capabilities have included investment in research institutions, startup ecosystems, and collaborations between academia and industry. == Applications == === Smart manufacturing === AI has been widely applied in Taiwan's manufacturing sector, which is a major component of the economy. Applications include process automation, predictive maintenance, quality control, and fault detection. AI-enabled smart manufacturing systems aim to improve efficiency, reduce production costs, and enhance product quality. Taiwan's manufacturing industry has incorporated AI technologies into production lines, particularly in electronics and machinery sectors. === Healthcare === The use of AI in healthcare in Taiwan has expanded in areas such as medical imaging, diagnostics, and drug development. AI systems are used to analyze CT scans, MRI data, and other clinical information to support diagnosis and treatment planning. Taiwan's healthcare sector, which includes medical devices, pharmaceuticals, and medical services, has benefited from the integration of AI technologies, particularly in precision medicine and clinical decision support systems. A notable example of AI healthcare deployment in Taiwan is the collaboration between Siemens Healthineers, Ever Fortune AI, and Asia University Hospital. === Edge computing and IoT === AI applications in Taiwan increasingly involve edge computing, where data processing occurs near the source rather than in centralized cloud systems. This approach reduces latency and bandwidth requirements and is used in smart devices, sensors, and industrial equipment. Edge AI technologies are applied in areas such as smart appliances, industrial automation, and transportation systems. == Education and talent development == Human capital development has been a key focus of Taiwan's AI strategy. The Taiwan AI Academy, established in 2018 with support from Academia Sinica and industry partners, provides training programs for professionals and students aimed at accelerating the adoption of artificial intelligence technologies across industries. The academy offers a range of courses, including executive-level programs, technical training, and specialized tracks in areas such as smart manufacturing, smart healthcare, and edge AI. These programs are designed to provide intensive and practical instruction over relatively short periods. A notable component of the curriculum is project-based learning, in which participants are required to complete proof-of-concept (POC) projects addressing real-world industrial problems. These projects are often developed further for implementation within companies, facilitating technology transfer and commercialization. Between 2018 and 2021, more than 8,000 individuals completed AI training programs across campuses in Taipei, Hsinchu, Taichung, and Tainan. Graduates of the academy have contributed to the introduction of AI systems in sectors such as manufacturing, healthcare, and finance, supporting broader industrial transformation efforts. In addition to the Taiwan AI Academy, universities and research institutions in Taiwan play a significant role in AI education and research. Leading universities have expanded programs in computer science, data science, and machine learning, while research institutes conduct applied and fundamental studies in artificial intelligence. Collaboration between academia, government, and industry is a common feature of Taiwan's AI ecosystem, with joint research projects, internship programs, and technology incubation initiatives supporting talent development. Government-supported initiatives have also sought to attract and retain AI talent, including funding for graduate education, international collaboration programs, and incentives for industry–academic partnerships. These efforts aim to address talent shortages and strengthen Taiwan's capacity in both applied and foundational AI research. == Regulation and governance == Taiwan has developed guidelines and policy frameworks to address the risks associated with AI technologies. In 2023, the Executive Yuan issued guidelines for the use of generative AI in government agencies, focusing on data security and privacy. Ongoing policy discussions hav
Biohybrid system
Biohybrid systems refer to the integration of biological materials, such as cells or tissues, with artificial components, including electronics or mechanical structure. This combination incorporates the capabilities of living organisms with the precision of man-made technology. As a result, these systems perform tasks that neither biology nor machines could achieve independently. Biohybrid systems might use lab-cultured muscle cells to power small robots or combine sensors with living tissue for better health sensing. The intent behind these systems is to combine the benefits of biological and technological components to introduce new solutions for complex medical challenges. Biohybrid systems may have transformative potential across sectors, such as robotics to create actuators and sensors that mimic natural muscle and nerve function, medicine in developing smart implants and drug delivery systems, in prosthetics for enhancing user control through neural or muscular interfaces and environmental sustainability for deploying biohybrid solutions for pollution sensing or remediation. == Origin == The term "biohybrid" is a compound of "bio" from biology (meaning life) and "hybrid" (referring to a combination of distinct elements), denoting a field of study. Its use helps distinguish such systems from purely biological constructs or entirely synthetic machines. Early academic mentions may include bio actuated robotics papers and foundational tissue-robot integration studies published in journals like Nature Biotechnology or Science Robotics. The emergence of the term reflects a growing recognition of the need to describe systems that do not fit cleanly into traditional categories. == Design principles == One of the most significant biohybrid challenges is to engineer interfaces between living tissue and artificial materials that are efficient. This means having precise control over adhesion at the surface, diffusion of nutrients, and signal conduction. Actuation mechanisms within the heart of these systems generate movement or mechanical response. These may be in the form of living muscle cells such as skeletal myocytes or cardiomyocytes, soft pneumatic actuators, or electrical stimulation-responsive tissues. Materials selection is equally critical. Hydrogels, elastomers like PDMS (polydimethylsiloxane), and biopolymers are commonly used due to their softness and biocompatibility. These materials must support cell viability, resist immune attack, and allow the integration of mechanical or electrical components. == Key components == At their core, biohybrid systems work by bridging living biological parts with technology. Through this integration, functionality that neither system could accomplish singularly is possible. Biological parts may be cells, tissues, or even organs—occasionally cultured in a laboratory setting. These biological parts carry out biologically inspired behaviors, such as muscle contraction or chemical sensing in the body. Technological components may constitute devices like sensors, electronic components, and mechanical structure. These manipulate the system, supply power, or transfer data. An example is a sensor that is implantable within a body and detects glucose levels as it sends information to a smart phone. By integrating these artificial and biological parts, biohybrid systems can perform advanced functions, such as tissue regeneration, real-time health monitoring, or the recovery of motor function in paralysis patients. Biohybrid systems generally consist of two major components: the biological and the mechanical. Biological components may include muscle cells for contraction, endothelial cells for vascularization, and stem cells for regenerative capabilities. Mechanical components comprise soft actuators that mimic organic motion, synthetic scaffolds that provide support and structure, and microfluidic systems that facilitate the delivery of nutrients and removal of waste. These components are combined in a manner that allows for dynamic, lifelike behavior—such as the contraction of tissue or the propagation of mechanical waves—while maintaining biocompatibility and durability. == Applications == The range of applications for biohybrid systems is broad and continuously expanding. In robotics, biohybrid structures have been used to engineer microscopic, muscle-driven machines, such as Harvard University's biohybrid stingray robot. In medical applications, they offer new alternatives for organ repair and augmentation, including biohybrid heart valves and esophageal scaffolds. Biohybrids are also promising in neural interfaces, where the goal is to create long-lasting, stable interaction between mechanical devices and brain tissue. Muscle-actuated drug response platforms are under exploration in pharmacology for modelling and real-time screening. == Examples == Several high-profile research projects have demonstrated the potential of biohybrid systems: Harvard researchers developed a biohybrid swimming ray powered by rat cardiac cells layered onto a gold skeleton, mimicking the motion of a real stingray. At the Massachusetts Institute of Technology, a cardiac pump actuated entirely by living heart muscle cells was engineered to simulate the behavior of a beating heart. Bio actuated soft robots have been built to simulate gut peristalsis, using muscle contractions to replicate natural wave-like movement in the digestive tract. == Challenges and limitations == As with many technologies that involve living systems, biohybrid systems raise important ethical and biomedical questions. Cell sourcing remains a key issue, particularly when embryonic or animal-derived cells are used. Long-term viability is another concern—living tissues must be kept alive with nutrients and oxygen, and they often degrade or elicit immune responses when implanted. Powering these biological parts presents logistical and ethical hurdles as well. Systems must either include internal mechanisms for nutrient delivery or be supported externally, which can limit portability and independence. == Future directions == Researchers are exploring self-directed, self-regulated organ substitutes and regenerative implants that can respond to their surroundings in real-time. These systems may be integrated with artificial intelligence to make them adjust to stimuli and coordinate complex behaviors. Future potential applications are wearable biohybrid systems for rehabilitation, space medicine devices for long-duration missions, and implantable devices that integrate into human physiology.
Social bot
A social bot, refers to fully or partially automated social media accounts designed to perform most regular users’ actions, such as liking, posting content, and chatting with other users. Although their levels of autonomy vary, and often include a human-in-the-loop, social bots can use artificial intelligence to perform social media actions and can use large language models to mimic human dialogue. Social bots can operate alone or in groups that coordinate messaging as part of a network of coordinated inauthentic behavior. Social bots are often used to perform ad fraud by artificially boosting viewership and engagement metrics and to spread disinformation on social media. == Uses == Social bots are used for a large number of purposes on a variety of social media platforms, including Twitter, Instagram, Facebook, and YouTube. One common use of social bots is to inflate a social media user's apparent popularity, usually by artificially manipulating their engagement metrics with large volumes of fake likes, reposts, or replies. Social bots can similarly be used to artificially inflate a user's follower count with fake followers, creating a false perception of a larger and more influential online following than is the case. The use of social bots to create the impression of a large social media influence allows individuals, brands, and organizations to attract a higher number of human followers and boost their online presence. Fake engagement can be bought and sold in the black market of social media engagement. Corporations typically use automated customer service agents on social media to affordably manage high levels of support requests. Social bots are used to send automated responses to users’ questions, sometimes prompting the user to private message the support account with additional information. The increased use of automated support bots and virtual assistants has led to some companies laying off customer-service staff. Social bots are also often used to influence public opinion. Autonomous bot accounts can flood social media with large numbers of posts expressing support for certain products, companies, or political campaigns, creating the impression of organic grassroots support. This can create a false perception of the number of people who support a certain position, which may also have effects on the direction of stock prices or on elections. Messages with similar content can also influence fads or trends. Many social bots are also used to amplify phishing attacks. These malicious bots are used to trick a social media user into giving up their passwords or other personal data. This is usually accomplished by posting links claiming to direct users to news articles that would in actuality direct to malicious websites containing malware. Scammers often use URL shortening services such as TinyURL and bit.ly to disguise a link's domain address, increasing the likelihood of a user clicking the malicious link. The presence of fake social media followers and high levels of engagement help convince the victim that the scammer is in fact a trusted user. Social bots can be a tool for computational propaganda. Bots can also be used for algorithmic curation, algorithmic radicalization, and/or influence-for-hire, a term that refers to the selling of an account on social media platforms. == History == Bots have coexisted with computer technology since the earliest days of computing. Social bots have their roots in the 1950s with Alan Turing, whose work focused on machine intelligence with the development of the Turing Test. The following decades saw further progress made towards the goal of creating programs capable of mimicking human behavior, notably with Joseph Weizenbaum’s creation of ELIZA. Considered to be one of the first Chatbots, ELIZA could simulate natural conversations with human users through pattern matching. Its most famous script was DOCTOR, a simulation of a Rogerian psychotherapist that was programmed to chat with patients and respond to questions. With the growth of social media platforms in the early 2000s, these bots could be used to interact with much larger user groups in an inconspicuous manner. Early instances of autonomous agents on social media could be found on sites like MySpace, with social bots being used by marketing firms to inflate activity on a user’s page in an effort to make them appear more popular. Social bots have been observed on a large variety of social media websites, with Twitter being one of the most widely observed examples. The creation of Twitter bots is generally against the site’s terms of service when used to post spam or to automatically like and follow other users, but some degree of automation using Twitter’s API may be permitted if used for “entertainment, informational, or novelty purposes.” Other platforms such as Reddit and Discord also allow for the use of social bots as long as they are not used to violate policies regarding harmful content and abusive behavior. Social media platforms have developed their own automated tools to filter out messages that come from bots, although they cannot detect all bot messages. == Legal regulation == Due to the difficulty of recognizing social bots and separating them from "eligible" automation via social media APIs, it is unclear how legal regulation can be enforced. Social bots are expected to play a role in shaping public opinion by autonomously acting as influencers. Some social bots have been used to rapidly spread misinformation, manipulate stock markets, influence opinion on companies and brands, promote political campaigns, and engage in malicious phishing campaigns. In the United States, some states have started to implement legislation in an attempt to regulate the use of social bots. In 2019, California passed the Bolstering Online Transparency Act (the B.O.T. Act) to make it unlawful to use automated software to appear indistinguishable from humans for the purpose of influencing a social media user's purchasing and voting decisions. Other states such as Utah and Colorado have passed similar bills to restrict the use of social bots. The Artificial Intelligence Act (AI Act) in the European Union is the first comprehensive law governing the use of Artificial Intelligence. The law requires transparency in AI to prevent users from being tricked into believing they are communicating with another human. AI-generated content on social media must be clearly marked as such, preventing social bots from using AI in a manner that mimics human behavior. == Detection == The first generation of bots could sometimes be distinguished from real users by their often superhuman capacities to post messages. Later developments have succeeded in imprinting more "human" activity and behavioral patterns in the agent. With enough bots, it might be even possible to achieve artificial social proof. To unambiguously detect social bots as what they are, a variety of criteria must be applied together using pattern detection techniques, some of which are: cartoon figures as user pictures sometimes also random real user pictures are captured (identity fraud) reposting rate temporal patterns sentiment expression followers-to-friends ratio length of user names variability in (re)posted messages engagement rate (like/followers rate) analysis of the time series of social media posts Social bots are always becoming increasingly difficult to detect and understand. The bots' human-like behavior, ever-changing behavior of the bots, and the sheer volume of bots covering every platform may have been a factor in the challenges of removing them. Social media sites, like Twitter, are among the most affected, with CNBC reporting up to 48 million of the 319 million users (roughly 15%) were bots in 2017. Botometer (formerly BotOrNot) is a public Web service that checks the activity of a Twitter account and gives it a score based on how likely the account is to be a bot. The system leverages over a thousand features. An active method for detecting early spam bots was to set up honeypot accounts that post nonsensical content, which may get reposted (retweeted) by the bots. However, bots evolve quickly, and detection methods have to be updated constantly, because otherwise they may get useless after a few years. One method is the use of Benford's Law for predicting the frequency distribution of significant leading digits to detect malicious bots online. This study was first introduced at the University of Pretoria in 2020. Another method is artificial-intelligence-driven detection. Some of the sub-categories of this type of detection would be active learning loop flow, feature engineering, unsupervised learning, supervised learning, and correlation discovery. Some operations of bots work together in a synchronized way. For example, ISIS used Twitter to amplify its Islamic content by numerous orchestrated accounts which further pushed an item to the Hot List news, thus further a
Data dictionary
A data dictionary, or metadata repository, as defined in the IBM Dictionary of Computing, is a "centralized repository of information about data such as meaning, relationships to other data, origin, usage, and format". Oracle defines it as a collection of tables with metadata. The term can have one of several closely related meanings pertaining to databases and database management systems (DBMS): A document describing a database or collection of databases An integral component of a DBMS that is required to determine its structure A piece of middleware that extends or supplants the native data dictionary of a DBMS == Documentation == The terms data dictionary and data repository indicate a more general software utility than a catalogue. A catalogue is closely coupled with the DBMS software. It provides the information stored in it to the user and the DBA, but it is mainly accessed by the various software modules of the DBMS itself, such as DDL and DML compilers, the query optimiser, the transaction processor, report generators, and the constraint enforcer. On the other hand, a data dictionary is a data structure that stores metadata, i.e., (structured) data about information. The software package for a stand-alone data dictionary or data repository may interact with the software modules of the DBMS, but it is mainly used by the designers, users and administrators of a computer system for information resource management. These systems maintain information on system hardware and software configuration, documentation, application and users as well as other information relevant to system administration. If a data dictionary system is used only by the designers, users, and administrators and not by the DBMS Software, it is called a passive data dictionary. Otherwise, it is called an active data dictionary or data dictionary. When a passive data dictionary is updated, it is done so manually and independently from any changes to a DBMS (database) structure. With an active data dictionary, the dictionary is updated first and changes occur in the DBMS automatically as a result. Database users and application developers can benefit from an authoritative data dictionary document that catalogs the organization, contents, and conventions of one or more databases. This typically includes the names and descriptions of various tables (records or entities) and their contents (fields), plus additional details, like the type and length of each data element. Another important piece of information that a data dictionary can provide is the relationship between tables. This is sometimes referred to in entity-relationship diagrams (ERDs), or if using set descriptors, identifying which sets database tables participate in. In an active data dictionary constraints may be placed upon the underlying data. For instance, a range may be imposed on the value of numeric data in a data element (field), or a record in a table may be forced to participate in a set relationship with another record-type. Additionally, a distributed DBMS may have certain location specifics described within its active data dictionary (e.g. where tables are physically located). The data dictionary consists of record types (tables) created in the database by systems generated command files, tailored for each supported back-end DBMS. Oracle has a list of specific views for the "sys" user. This allows users to look up the exact information that is needed. Command files contain SQL Statements for CREATE TABLE, CREATE UNIQUE INDEX, ALTER TABLE (for referential integrity), etc., using the specific statement required by that type of database. There is no universal standard as to the level of detail in such a document. == Middleware == In the construction of database applications, it can be useful to introduce an additional layer of data dictionary software, i.e. middleware, which communicates with the underlying DBMS data dictionary. Such a "high-level" data dictionary may offer additional features and a degree of flexibility that goes beyond the limitations of the native "low-level" data dictionary, whose primary purpose is to support the basic functions of the DBMS, not the requirements of a typical application. For example, a high-level data dictionary can provide alternative entity-relationship models tailored to suit different applications that share a common database. Extensions to the data dictionary also can assist in query optimization against distributed databases. Additionally, DBA functions are often automated using restructuring tools that are tightly coupled to an active data dictionary. Software frameworks aimed at rapid application development sometimes include high-level data dictionary facilities, which can substantially reduce the amount of programming required to build menus, forms, reports, and other components of a database application, including the database itself. For example, PHPLens includes a PHP class library to automate the creation of tables, indexes, and foreign key constraints portably for multiple databases. Another PHP-based data dictionary, part of the RADICORE toolkit, automatically generates program objects, scripts, and SQL code for menus and forms with data validation and complex joins. For the ASP.NET environment, Base One's data dictionary provides cross-DBMS facilities for automated database creation, data validation, performance enhancement (caching and index utilization), application security, and extended data types. Visual DataFlex features provides the ability to use DataDictionaries as class files to form middle layer between the user interface and the underlying database. The intent is to create standardized rules to maintain data integrity and enforce business rules throughout one or more related applications. Some industries use generalized data dictionaries as technical standards to ensure interoperability between systems. The real estate industry, for example, abides by a RESO's Data Dictionary to which the National Association of REALTORS mandates its MLSs comply with through its policy handbook. This intermediate mapping layer for MLSs' native databases is supported by software companies which provide API services to MLS organizations. == Platform-specific examples == Developers use a data description specification (DDS) to describe data attributes in file descriptions that are external to the application program that processes the data, in the context of an IBM i. The sys.ts$ table in Oracle stores information about every table in the database. It is part of the data dictionary that is created when the Oracle Database is created. Developers may also use DDS context from free and open-source software (FOSS) for structured and transactional queries in open environments. == Typical attributes == Here is a non-exhaustive list of typical items found in a data dictionary for columns or fields: Entity or form name or their ID (EntityID or FormID). The group this field belongs to. Field name, such as RDBMS field name Displayed field title. May default to field name if blank. Field type (string, integer, date, etc.) Measures such as min and max values, display width, or number of decimal places. Different field types may interpret this differently. An alternative is to have different attributes depending on field type. Field display order or tab order Coordinates on screen (if a positional or grid-based UI) Default value Prompt type, such as drop-down list, combo-box, check-boxes, range, etc. Is-required (Boolean) - If 'true', the value cannot be blank, null, or only white-spaces Is-read-only (Boolean) Reference table name, if a foreign key. Can be used for validation or selection lists. Various event handlers or references to. Example: "on-click", "on-validate", etc. See event-driven programming. Format code, such as a regular expression or COBOL-style "PIC" statements Description or synopsis Database index characteristics or specification
Information Networking Institute
Information Networking Institute (INI) is an academic department within the College of Engineering at Carnegie Mellon University. The institute was established in 1989 as the nation's first research and education center devoted to information networking. The INI also partners with research and outreach entities to extend educational and training programs to a broad audience of people using information networking as part of their daily lives. The INI is the educational partner of Carnegie Mellon CyLab, a university-wide, multidisciplinary research center involving more than 50 faculty and 100 graduate students. == Center of Academic Excellence Designations == Through the work of the INI and CyLab, Carnegie Mellon University has been designated by the National Security Agency and the Department of Homeland Security as a National Center of Academic Excellence in Information Assurance/Cyber Defense Education (CAE-IA/CD) and a National Center of Academic Excellence in Information Assurance/Cyber Defense Research (CAE-R). It has also been designated by the NSA and the U.S. Cyber Command as a National Center of Academic Excellence in Cyber Operations (CAE-Cyber Ops). Through these designations, the INI and CyLab participate in the: Federal CyberCorps Scholarship for Service (SFS) Program - Students pursuing graduate degrees in information security (MSIS or MSISPM) are eligible for scholarships under the SFS program. Information Assurance Scholarship Program (IASP) - Students pursuing graduate degrees in information security and seeking careers with the Department of Defense may be eligible for scholarships under the IASP. Capacity Building Program for Faculty from Historically Black and Hispanic Serving Institutions - The INI and CyLab developed a month-long, in-residence summer program to help build information assurance education and research capacity at colleges and universities designated as Minority Serving Institutions – specifically, Historically Black Colleges and Universities (HBCUs) and Hispanic Serving Institutions (HSIs). This program is supported through a grant from the National Science Foundation. == Faculty and researchers == Faculty involved in teaching and advising in the INI programs are conducting research in all aspects of information networking and information security. Affiliated research centers are: Carnegie Mellon CyLab SEI's CERT Division == Alumni == The INI has graduated over 1,400 alumni who currently occupy positions in a variety of sectors across industry, government and academia.
LCD crosstalk
LCD crosstalk is a visual defect in an LCD screen which occurs because of interference between adjacent pixels. Owing to the way rows and columns in the display are addressed, and charge is pushed around, the data on one part of the display has the potential to influence what is displayed elsewhere. This is generally known as crosstalk, and in matrix displays typically occurs in the horizontal and vertical directions. Crosstalk used to be a serious problem in the old passive-matrix (STN) displays, but is rarely discernable in modern active-matrix (TFT) displays. A fortunate side effect of inversion (see above) is that, for most display material, what little crosstalk there is largely cancelled out. For most practical purposes, the level of crosstalk in modern LCDs is negligible. Certain patterns, particularly those involving fine dots, can interact with the inversion and reveal visible crosstalk. If you try moving a small Window in front of the inversion pattern (above) which makes your screen flicker the most, you may well see crosstalk in the surrounding pattern. Different patterns are required to reveal crosstalk on different displays (depending on their inversion scheme).
Point-to-point encryption
Point-to-point encryption (P2PE) is a standard established by the PCI Security Standards Council. Payment solutions that offer similar encryption but do not meet the P2PE standard are referred to as end-to-end encryption (E2EE) solutions. The objective of P2PE and E2EE is to provide a payment security solution that instantaneously converts confidential payment card (credit and debit card) data and information into indecipherable code at the time the card is swiped, in order to prevent hacking and fraud. It is designed to maximize the security of payment card transactions in an increasingly complex regulatory environment. == The standard == The P2PE Standard defines the requirements that a "solution" must meet in order to be accepted as a PCI-validated P2PE solution. A "solution" is a complete set of hardware, software, gateway, decryption, device handling, etc. Only "solutions" can be validated; individual pieces of hardware such as card readers cannot be validated. It is also a common mistake to refer to P2PE validated solutions as "certified"; there is no such certification. The determination of whether or not a solution meets the P2PE standard is the responsibility of a P2PE Qualified Security Assessor (P2PE-QSA). P2PE-QSA companies are independent third-party companies who employ assessors that have met the PCI Security Standards Council's requirements for education and experience, and have passed the requisite exam. The PCI Security Standards Council does not validate solutions. == How it works == As a payment card is swiped through a card reading device, referred to as a point of interaction (POI) device, at the merchant location or point of sale, the device immediately encrypts the card information. A device that is part of a PCI-validated P2PE solution uses an algorithmic calculation to encrypt the confidential payment card data. From the POI, the encrypted, indecipherable codes are sent to the payment gateway or processor for decryption. The keys for encryption and decryption are never available to the merchant, making card data entirely invisible to the retailer. Once the encrypted codes are within the secure data zone of the payment processor, the codes are decrypted to the original card numbers and then passed to the issuing bank for authorization. The bank either approves or rejects the transaction, depending upon the card holder's payment account status. The merchant is then notified if the payment is accepted or rejected to complete the process along with a token that the merchant can store. This token is a unique number reference to the original transaction that the merchant can use should they ever be needed to perform research or refund the customer without ever knowing the customer's card information (tokenization). There are also Qualified Integrator and Reseller (QIR) Companies, which are businesses authorized to "implement, configure, and/or support validated" PA-DSS Payment Applications, and perform qualified installations. == Solution providers == According to the PCI Security Standards Council:The P2PE solution provider is a third-party entity (for example, a processor, acquirer, or payment gateway) that has overall responsibility for the design and implementation of a specific P2PE solution, and manages P2PE solutions for its merchant customers. The solution provider has overall responsibility for ensuring that all P2PE requirements are met, including any P2PE requirements performed by third-party organizations on behalf of the solution provider (for example, certification authorities and key-injection facilities). == Benefits == === Customer benefits === P2PE significantly reduces the risk of payment card fraud by instantaneously encrypting confidential cardholder data at the moment a payment card is swiped or "dipped" if it is a chip card at the card reading device (payment terminal) or POI. === Merchant benefits === P2PE significantly facilitates merchant responsibilities: With a P2PE validated solution, merchants save significant time and money as PCI requirements may be greatly reduced. Payment Card Industry Data Security Standard (PCI DSS). For organizations who use a P2PE validated solution provider, the PCI Self Assessment Questionnaire is reduced from 12 sections to 4 sections and the controls are reduced from 329 questions to just 35. In the event of fraud, the P2PE Solution Provider, not the merchant, is held accountable for data loss and resulting fines that may be assessed by the card brands (American Express, Visa, MasterCard, Discover, and JCB). The PCI Security Standards Council does not assess penalties on Solution Providers or Merchants. The payment process with P2PE is quicker than other transaction processes, thus creating simpler and faster customer–merchant transactions. == Point-to-point encryption versus end-to-end encryption == === Point-to-point === A point-to-point connection directly links system 1 (the point of payment card acceptance) to system 2 (the point of payment processing). A true P2PE solution is determined with three main factors: The solution uses a hardware-to-hardware encryption and decryption process along with a POI device that has SRED (Secure Reading and Exchange of Data) listed as a function. The solution has been validated to the PCI P2PE Standard which includes specific POI device requirements such as strict controls regarding shipping, receiving, tamper-evident packaging, and installation. A solution includes merchant education in the form of a P2PE Instruction Manual, which guides the merchant on POI device use, storage, return for repairs, and regular PCI reporting. === End-to-end === End-to-end encryption as the name suggests has the advantage over P2PE that card details are not unencrypted between the two endpoints. If the endpoints are a PCI PED validated PIN pad and a POS acquirer, there is no opportunity for the card details to be intercepted. It is obviously important that the endpoints (the PED and gateway) are provided by PCI accredited organisations. == PCI point-to-point encryption requirements == The requirements include: Secure encryption of payment card data at the point of interaction (POI), P2PE validated application(s) at the point of interaction, Secure management of encryption and decryption devices, Management of the decryption environment and all decrypted account data, Use of secure encryption methodologies and cryptographic key operations, including key generation, distribution, loading/injection, administration, and usage.