Project Vault is a secure computer contained entirely on a micro SD sized device. Google’s ATAP said the micro SD format made sense because there’s already advanced security features on your phone, contained in the SIM card, which protects the things important to carriers. Vault is designed to be an equivalent, but designed to project a user’s important content.
They went with the micro SD form factor so that they could have more data throughput to project video, and they wanted storage (Vault has 4GB of data storage on board) and they wanted modularity, so you could take it wherever you wanted.
Onboard the Vault itself is an ARM processor running RTOS, a secure operating system focused on privacy and data security. It also has an NFC chip and an antenna (for proving that you are in control and that it’s correctly authorized). Finally, there’s a suite of cryptographic services, including hashing, signing, batch encryption and a hardware random number generator.[gallery ids="1164820,1164816,1164815,1164813,1164812,1164810,1164808"]
Vault provides two-factor auth in a way that’s easy enough for anyone to use, and developers don’t have to do anything to get stuff ready to work with it – the system sees it as generic storage device with a standard file system.
Said file system includes just two files, one for read and one for write, that any app has to go through in order to communicate with Vault. This also means that it works with any operating system, including Android, Windows, OS X and Linux, since essentially it’s just a generic storage device to the host computer or phone.
Today, ATAP is releasing the open source development kit so that people can understand and test it prior to it going live. They’ve also built an enterprise-targeted first product version that’s being used internally at Google right now, and there are plans to eventually make consumer-focused hardware, too.
In a demo, ATAP showed how Vault could be used to secure a chat conversation. Once the Vault micro SD is installed, the chat application just opens the virtualized two-file system with the read/write I/O. Vault takes care of encrypting the message and then sending it though as cypher text. The phones automatically decrypt the conversation, but never actually see any keys or algorithms on either end.