Security

Notes

NVIDIA provides a reference architecture for the Audio2Face-3D (A2F-3D) service, develops the software securely, and publishes the containers securely. For production environments, the end user is responsible for deploying the service, defining its trust boundaries, and securing the deployment, including logging, monitoring, patching, authentication and authorization, granular access control, securing communication channels, and ensuring containers are secure and free from vulnerabilities.

Input

  • Input data file (Audio) may originate from outside the device where the A2F-3D service is running

  • Audio toxicity checks are not provided

Logging & Auditing

The Audio2Face-3D service doesn’t provide auditing capabilities. Basic logging is provided, but it is within the scope of the “Device Trust Boundary”, and the service logs are limited to the container/device. Applications and workflows that make use of the Audio2Face-3D service are responsible for logging and auditing.
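Since the audio may come from outside the device and auditing is left to the calling application, the following added example (not NVIDIA code and not part of the A2F-3D service) shows one way a caller could validate an untrusted WAV upload and write an audit record before forwarding it. The size, duration, layout and sample-rate limits, the `client_id` field and all function names are assumptions for illustration; the record keeps a SHA-256 digest rather than the audio itself.

```python
import hashlib, io, json, time, wave

# Assumed policy limits for illustration; set them from your own requirements.
MAX_BYTES = 10 * 1024 * 1024
MAX_SECONDS = 60.0
ALLOWED_RATES = {16000, 22050, 44100, 48000}

def validate_wav(data):
    """Return (accepted, reason) for an untrusted audio upload."""
    if len(data) > MAX_BYTES:
        return False, "too_large"
    try:
        with wave.open(io.BytesIO(data), "rb") as w:
            channels, width = w.getnchannels(), w.getsampwidth()
            rate, frames = w.getframerate(), w.getnframes()
    except (wave.Error, EOFError):  # truncated, non-RIFF or non-PCM input
        return False, "not_pcm_wav"
    if channels != 1 or width != 2:  # assumed: mono, 16-bit samples only
        return False, "unsupported_layout"
    if rate not in ALLOWED_RATES:
        return False, "unsupported_rate"
    if frames == 0 or frames / rate > MAX_SECONDS:
        return False, "bad_duration"
    return True, "ok"

def audit_record(client_id, data, now=None):
    """Build one JSON audit line; it stores a digest, never the audio."""
    accepted, reason = validate_wav(data)
    return json.dumps({
        "ts": time.time() if now is None else now,
        "client": client_id,
        "sha256": hashlib.sha256(data).hexdigest(),
        "bytes": len(data),
        "accepted": accepted,
        "reason": reason,
    }, sort_keys=True)

def make_wav(seconds, rate=16000, channels=1):
    """Constructed sample input: a silent 16-bit PCM WAV held in memory."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setparams((channels, 2, rate, 0, "NONE", "not compressed"))
        w.writeframes(b"\x00\x00" * channels * int(seconds * rate))
    return buf.getvalue()

if __name__ == "__main__":
    for name, blob in [("ok", make_wav(1.0)), ("stereo", make_wav(1.0, channels=2)),
                       ("junk", b"RIFF\x00\x00\x00\x00junk")]:
        print(name, audit_record("client-a", blob, now=0.0))
```

Ship the audit lines to a log store outside the container, since the service's own logs stay within the device trust boundary.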

AI models

  • The AI models come as part of the Audio2Face-3D container. In the case of the Audio2Face-3D NIM, models can be downloaded from NGC quick start

  • The AI models are not encrypted

Authentication & Authorization

  • The Audio2Face-3D service supports certificate-based authentication. Please refer to the TLS support section for more details

  • By default, authentication is disabled in the Audio2Face-3D service. Refer to the TLS support section to deploy the Audio2Face-3D service with TLS to enable authentication

  • Customers are responsible for generating and managing their own certificates

  • Customers are responsible for creating keys securely with sufficient key strengths and securely storing them

  • The Audio2Face-3D service doesn’t store certificates. In mTLS (Mutual TLS) with gRPC, the client certificate is NOT persistently stored by the A2F gRPC server. Instead, it is only used in-memory during the TLS handshake for authentication.

  • Certificate revocation checks, OCSP (Online Certificate Status Protocol) and CRL (Certificate Revocation List), are not part of the functionality

Encryption

  • The Audio2Face-3D service provides TLS support via certificates. Please refer to the TLS support section for more details

  • The TLS handshake establishes an encrypted connection. The data is encrypted in transit

  • By default, the Audio2Face-3D service doesn’t encrypt the data for gRPC communication. Refer to the TLS support section to deploy the Audio2Face-3D service with TLS to enable encryption

Data collection

  • Audio2Face-3D services don’t collect any sensitive information, including any private user data

  • Input audio data is processed to generate blendshapes, and the audio is not stored