About the BSI API

The BSI API is used to access the services provided by applets stored on the card. Although released as a single DLL, BSI API functionality is divided into three providers, each of which provides access to a set of services implemented by the applets stored on the card.

  • Utility Provider – Provides utility services for obtaining a list of available card readers and establishing and terminating logical connections with a smart card. For further information, see section Utility Provider.

  • Generic Container Provider – Abstracts the storage semantics of the smart card applications with a simple interface for managing Generic Containers of data elements in tag/length/value format. For further information, see section Generic Container Provider.

  • Cryptographic Provider – Provides fundamental cryptographic services such as random number generation, authentication, and digital signature generation. For further information, see section Cryptographic Provider.

    Note: BSI is recommended only for very basic needs such as authentication to a card or access and usage of data stored in a dedicated applet. BSI may also be used to provide PKI services, but in order to use BSI in this way, the developer must have knowledge of the card data model.

For developing PKI-enabled applications, high-level cryptographic providers such as PKCS#11 or Microsoft Cryptography API (provided in the ActivClient Mini Driver) are recommended. Unlike the PKCS#11 API and ActivClient Mini Driver, which provide a high level of abstraction, the BSI API requires the application developer to know the smart card logical data model. Specifically, in order to make a call using the BSI API, the caller must know the AID of the applet instances.

Prerequisite: The BSI API is supported on platforms where ActivClient has been installed. Refer to the ActivID ActivClient for Windows Installation Guide for pre-requisites for ActivClient installation.

Use the BSI API if you are developing a multi-credential application.

Supports: PKI and static data such as personal information data. The BSI API and the PKCS#11 API are similar in functionality and scope. They differ in that PKCS#11 is a standard developed by RSA whereas BSI is a standard developed by the US government/NIST. PKCS#11 implements a higher level of abstraction of card objects and services than BSI, which is much lower level than PKCS#11. In addition, BSI supports SKI.

Languages: C, Java; HID Global provides samples in C and Java.

Description: ActivClient SDK's BSI API component is an implementation of the Basic Services Interface (BSI) included in the U.S. Government Smart Card - Interoperability Specifications (GSC-IS). The library included in ActivClient SDK implements a subset of BSI API v2.1. This API provides cryptographic, data storage, and utility services.


  • Provides support for:

    • Smart card cryptographic and data storage operations.

    • Smart card state and reader state management.

    • Data storage.

    • PIN management

  • Is recommended for developers who want to perform smart card cryptographic operations and/or some data storage. While the BSI API hides most of the complexity of working with smart cards, it requires more knowledge of smart cards than other ActivClient APIs require.

Topics on this page