Google's Advanced Technology and Projects group (ATAP) has come up with a way to protect a user's data more securely with hardware that works with existing smartphones and tablets. Project Vault takes the form of a microSD card, and though any device will be able to recognize it as a standard memory card, it will in fact hold a computer dedicated to protecting any data stored within it from any potential users of the device who aren't the owner of the card.
Onboard the card is an ARM-based computer running the ARTOS secure operating system,
reports TechCrunch, which can be used to perform hashing, signing, and batch-encryption on the data. A hardware random number generator, an NFC chip, and 4GB of storage is also held on the device, which can be the same physical size as a standard microSD card as well as use a slightly longer body for extra capacity.
The card does not require any extra software in order to be readable by the host device, which can be Android, Windows, or iOS, and can be immediately used to store app data without any extra programming by app developers. To add to security, Google is attempting to make Project Vault be able to detect if the user is the owner by checking how the device is being used, such as by looking at typing patterns, blocking off the data as unreadable for the host device if necessary.
An open source development kit has been
released, to allow manufacturers and security-conscious users to check how secure it is. Project Vault is still being tested internally, with an enterprise-focused version being used, though a consumer model is apparently in the works.