SafeHouse can turn an ordinary USB memory stick or flash disk into a virtual smartcard. Software built into SafeHouse simulates the functions of a physical smartcard, giving you nearly all of the benefits of a real smartcard, with the convenience of using an off-the-shelf USB device you probably already have lying around your office.
You must initialize a USB device to be used as a virtual smartcard using the Create Virtual Smartcard dialog described below. If you fail to do this, SafeHouse will not recognize the device as a compatible smartcard.
This feature requires that you first enable the use of virtual smartcards. Instructions for doing so are included at the bottom of this page.
You might be wondering what the differences are between SafeHouse's virtual smartcards and real smartcards which contain on-board computer chips. Within SafeHouse, the differences are actually few; however, SafeHouse's smartcards only work within SafeHouse, whereas cards and devices from other commercial solution providers often work across a variety of software platforms.
Real smartcards often perform a number of features not needed by SafeHouse. SafeHouse only implements the features it specifically requires. For example, SafeHouse smartcards cannot be used to sign documents or log into other unrelated services.
Smartcards with on-board computer chips typically lock the card from further use if the PIN is entered incorrectly a set number of times in a row, typically 15. This allows you to use shorter PINs, since a small number of wrong guesses will cause the device to stop working until an administrator resets it. In contrast, since SafeHouse uses standard Windows files, locking up after a number of bad PIN entries does not apply: someone could make copies of the files and keep trying new passwords. The solution, of course, is simply to use a nice strong password that is 8 or more characters.
SafeHouse implements the cryptographic functions for the smartcard using programming code which runs under Windows. Real smartcards perform these same functions within the card using the on-board computer chip, and any attempt to physically open the card or device destroys its contents. In theory, experts would therefore claim that true smartcards are less vulnerable to attack by super-determined intruders with unlimited resources and special equipment.
SafeHouse only needs about 200KB of space on the memory stick to save its .SMART file which simulates the smartcard. You can still use the rest of the space on your device however you choose.
SafeHouse will create a root folder on the device named SafeHouse. The SafeHouse.smart smartcard file will be saved to this folder. When using the USB device as a smartcard, SafeHouse will only attempt to read the one file named SafeHouse.smart. Any other .SMART files that you may have copied to this same folder will be ignored.
By only looking at this one specifically-named file, SafeHouse can always locate the file on its own as you play musical chairs with your USB devices.
Right click on the SafeHouse system tray padlock icon.
Choose the Tools & Options menu item.
Click the Options tab.
Click the Options button to display the Smartcard Properties dialog.
Click the Virtual Smartcard tab.
Click the Create button (see picture at bottom of this page).
Fill out this form and click Save to accept.
Type a short name or description for this virtual smartcard. This name will be displayed in a variety of SafeHouse's dialogs to help you distinguish one card from another.
Choose your password. We recommend at least 8 characters; preferably 10 or more.
See How to Change a Password for a list of tips for choosing strong passwords.
Type your password again to make sure you've got it right.
Select the Windows drive letter where your USB device is located.
If your device is not yet plugged in, please do so and the drop list will be updated to reflect its new drive letter. You'll still need to select it as the desired target device.
When available, some basic information about the selected device is displayed to the right of the Drive drop list.
Technically, SafeHouse will allow you to select drives which are not USB drives. In this case, the serial number association logic is disabled, but everything else will work as expected. This opens up the possibility of keeping all of your passwords stored in a virtual smartcard located right on your main C: drive, which has the benefit of only needing to remember one PIN, but without needing to keep a USB device in your pocket.
Nearly all modern USB devices include a serial number embedded into the hardware. SafeHouse is able to use this information to tightly associate the virtual smartcard you're about to create with this very specific USB device (by serial number).
When this feature is enabled, the serial number for the USB device is embedded into the .SMART virtual smartcard file in such a way that you'll only be able to open this file when this very same USB device is plugged into your PC. This is commonly known as two-factor authentication, because both the password and this specific USB device will be required to use the virtual smartcard.
Note that the requirement here is that the same USB device be plugged into the PC, not that the .SMART file be physically located on that device; although in practice, this will nearly always be the case. All that's really important is that the device be present to prove you've got physical possession of it.
Virtual smartcards keyed to a serial number can still be copied or backed up to other devices or hard drives. You just won't be able to open them from these other locations. You'll need to copy them back to their associated USB device to use them once again within SafeHouse, or at least plug that same device into your system to prove you have possession of it.
This field will be disabled if SafeHouse cannot obtain the serial number for the selected drive letter or certain minimum compatibility requirements are not met.
This feature requires Windows XP or later.
This screen shows where you'll find the button to launch the Create Virtual Smartcard dialog.
To use virtual smartcards in SafeHouse, you'll need to select them in the smartcard configuration drop list pictured below. This tab is accessed from the system tray utility.
SafeHouse can auto-type your smartcard PIN from a text file stored on your memory stick. This feature only works when using SafeHouse's virtual smartcards, and there are some important security points you should understand before using this option.
If you write your PIN to a readable file on your virtual smartcard, anyone who gains possession of your memory stick will have access to your PIN, and consequently, your SafeHouse volumes.
You might wonder why we've implemented a feature with such obvious security concerns -- it's because so many of our customers have requested it. Our policy is that as long as you're aware of the pitfalls, the choice is yours to make. In this case, the memory stick behaves more like your car key; possession is all that is needed to use it.
Create your SafeHouse virtual smartcard on a memory stick in the usual way.
Use the Windows Notepad text editor to create a file named PIN.TXT in the SafeHouse folder of your memory stick.
This file must contain your PIN -- nothing else.
SafeHouse will then retrieve your PIN from this file instead of prompting you to type it manually.
Delete the PIN.TXT file from your memory stick.
Use SafeHouse to change the PIN for your USB smartcard to make sure the old PIN can no longer be used.
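The following audit sketch is an added example, not part of SafeHouse or its documentation. It checks drive roots for the layout this page describes (a SafeHouse folder holding SafeHouse.smart and, where auto-type was set up, PIN.TXT) and reports cards whose PIN sits beside them. The function names, the result fields and the sample layout are assumptions made for the example.

```python
import os
import tempfile

# Names taken from this page; matching is case-insensitive, as on Windows.
FOLDER, CARD_FILE, PIN_FILE = "safehouse", "safehouse.smart", "pin.txt"


def _entries(path):
    """Map lower-cased name -> real name; empty if path is unreadable."""
    try:
        return {name.lower(): name for name in os.listdir(path)}
    except OSError:  # drive not ready, not a directory, or missing
        return {}


def audit_root(root):
    """Return a finding for one drive root, or None if it has no SafeHouse folder."""
    folder = _entries(root).get(FOLDER)
    if folder is None:
        return None
    names = _entries(os.path.join(root, folder))
    has_card, has_pin = CARD_FILE in names, PIN_FILE in names
    return {
        "root": root,
        "card_present": has_card,
        "pin_file_present": has_pin,
        # PIN stored beside the card: holding the stick is enough to open it.
        "possession_only": has_card and has_pin,
        # Other .SMART files in the folder are ignored by SafeHouse.
        "ignored_smart_files": sorted(
            real for low, real in names.items()
            if low.endswith(".smart") and low != CARD_FILE),
    }


def audit(roots):
    """Audit several drive roots supplied by the caller (hypothetical helper)."""
    return [f for f in map(audit_root, roots) if f is not None]


def make_sample(base, files):
    """Build a constructed drive root under base with the given SafeHouse files."""
    os.makedirs(os.path.join(base, "SafeHouse"))
    for name in files:
        open(os.path.join(base, "SafeHouse", name), "w").close()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        a = make_sample(os.path.join(tmp, "E"), ["SafeHouse.smart", "PIN.TXT", "old.smart"])
        b = make_sample(os.path.join(tmp, "F"), ["SafeHouse.smart"])
        for finding in audit([a, b, os.path.join(tmp, "G")]):
            print(finding)
```

A finding with `possession_only` set is the car-key case described above; the remedy on this page is to delete PIN.TXT and then change the PIN.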