Virtual Credentials stored within the Safetrust Wallet act as Virtual Smartcards. As with any traditional PKI system, Public Keys are transferred to the local machine when the Virtual Smartcard is inserted into the reader, so that transactions using the Public Key can be conducted from the local machine. Any transaction that requires the Private Key is conducted within the mobile device using the secure channel. Unlike a typical soft certificate, the Private Key is not exportable by the end user and therefore remains protected at all times by the Safetrust Wallet.