TrustVault on your iPhone is used to sign transactions. In order to do so, we need to be sure you are you, so we store unique information on your phone, this information is stored in the Secure Enclave of your iPhone.

In order to send a transaction we want to make sure that it is really you who is approving the transaction, and we want be to confident it is coming from your device.
So when you submit a transaction you are asked for Touch/Face ID, which signs the transaction by signing the information stored in your secure enclave. 

No other device has that information, and this information cannot be taken out of your secure enclave, which is one of the most secure methods out there, for example, it has never been hacked. When combining the Secure Enclave with biometric information (Touch/Face ID) we are confident that you are signing this device on a phone that we trust. This makes it possible to make your phone act as a "key" with a very high level of security.

Here's a link to the Apple website explaining Touch ID and Face ID if you'd like to know more.

Did this answer your question?