Google targeted people's growing digital insecurity at its I/O developer conference this week with a number of new products that aim to protect communications and improve authentication.
Project Vault is a new hardware device created by Google's Advanced Technology and Products (ATAP) lab for people who need the absolute highest security for their communications. The device, which is packed in the form factor of a MicroSD card, is designed to provide encryption for sensitive data at rest, and allow end-to-end protection of streaming data (including streaming video) as well. The Vault card contains its own antenna, processor and operating system, which means that the device can authenticate directly with the Project Vault servers without requiring the use of other potentially insecure hardware.
The Vault hardware runs a special operating system called ARTOS that's focused on security. The chip comes with a bunch of cryptographic goodies built in, including support for signing, hashing and a hardware random number generator. Peiter ".mudge" Zatko, the leader of Project Vault, showed off an encrypted chat session between two Vault users on Friday.
Both users were able to see what the other was saying in plain text, but the server running the chat session between the two wasn't able to decode their conversation. Project Vault handled all the setup, and not even the users were able to see the private keys used to generate the encrypted session.
Like the rest of ATAP's projects, it's not clear if or when Vault will be making its appearance as a consumer product. Right now, the device is being used in a small 500-unit pilot program inside Google for security purposes, and ATAP is building a product for enterprise users. At a time when more people are concerned about security of their information and communications, the need for something like Vault is readily apparent.
Starting with the launch of Android M in the third quarter of this year, developers and manufacturers will be able to take advantage of system-level support for fingerprint sensors for things like unlocking phones, securing applications and making payments with the new Android Pay technology. It's a move that should make it easier for Android devices to sport the same sort of technology that powers Apple's Touch ID on the iPhone. Some Android device makers like Samsung have already begun using fingerprint sensors, but the new features in M will make it easier for developers to work with that hardware.
The company's ATAP lab has also been working on a pair of initiatives aimed at improving security in the long term. The first, called Project Abacus, is designed to do away with a reliance on passwords by using a variety of factors to determine whether a user is who they say they are.
Sign up for Computerworld eNewsletters.