Pre-Personalization of PKI Cards and USB Tokens

Efficient Pre-Personalization of PKI Cards and USB Tokens. Generate and store PIN and PUKs in one single step

PrivacyPUK – Simple Pre-Personalization of PKI Cards, Generation of PUKs and PIN in One Step

PrivacyPUK allows Pre-Personalization of PKI Cards and USB Tokens in one simple step. PrivacyPUK generates PIN and PUKs (PIN Unblock Codes), stores them onto the card and prints a PIN-Mailer that can be handed over to the end-user of the card. The PUKs are encrypted and stored in a database. The help desk personnel can easily access the PUKs whenever needed.

PrivacyPUK provides the following functions:

  • Pre-personalize cards/tokens with PIN, PUKs and security parameters
  • Retrieve and manage PUKs
  • Key and access management for the PUK database

Pre-personalize cards/tokens
The Pre-Personalization of PKI Cards and USB Tokens process generates PIN and PUKs, based on the security policy of the organization. These values are being written onto the card. A configurable PIN-Mailer is printed at the same time. This PIN-Mailer should contain at least the new card PIN. The PUK values are also stored in the PrivacyPUK database.

All the critical parameters are configurable. These are e.g. length and complexity of PIN and PUK values, the number of PUKs and the PIN error counter. This counter defines how many wrong PIN entries are accepted before the card is blocked. The PIN Mailer is also configurable. With a template – generated with MS Word – the fixed and variable content of the printout can be easily customized.

Retrieve and manage PUKs
The PUKs must be used in the predefined sequence. The helpdesk can easily lookup the next PUK, if a user has blocked his or her card.

Key and access management for the PUK database
PrivacyPUK boosts comprehensive security features. The access to the database can be secured with a key. The PUKs can be encrypted before stored in the database. To control access and encryption, a set of keys can be defined by the administrator. The keys are stored onto a chip card or are entered manually on demand.

Systems requirements

PrivacyPUK is a Windows application (Windows 7 and 8). Two card readers or USB-Tokens are required. One for the license or key card and the other for the card/token to be personalized.

PrivacyPUK supports tokens/cards from Atos (CardOS 4.4 and 5) and Gemalto/SafeNet (330, 400, iKey2032, 4000 and 4100).

PrivacyPUK Flyer


More information


May 17, 2023
The primary goal of FIDO is to address the limitations and vulnerabilities of traditional password-based authentication systems. It introduces a standardized framework for strong authentication that is both secure and convenient for users.
Read more
July 9, 2021
JuBiter Blade is a slim, simple and extremely secure hardware wallet. It is designed in purpose of offering extreme security for crypto holders to manage their crypto assets.
Read more
January 14, 2021
With the HyTrust acquisition, customers can turn to Entrust for identity, encryption and security policy control, providing data protection and compliance for enterprises accelerating their digital transformations
Read more
December 16, 2020
Ergonomics Logo
This whitepaper gives a short overview of Cloud Computing. We highlight the common challenges when transitioning to Cloud Computing, and show how Ergonomics can support you in different scenarios and options of outsourcing traditional in-house IT services to the cloud.
Read more

Contact |


+41 58 311 1000



Headquarters Zürich

Ergonomics AG | Nordstrasse 15 | CH-8006 Zürich | Switzerland