Biometric trust,engineered for scale.
SecuGen Connect License Server is the control plane for secure biometric operations, seat governance, and revenue-grade billing.
A schematic for biometric identity — drawn thin, wired precisely.
Three pathways flow through a single control plane. Each line is explicit, each node is accountable, each packet is auditable end-to-end.
License Control
JWT activate / refresh / revoke between client, bridge, and server.
Cloud Matching
Templates travel encrypted to the cloud matcher; result returns in <100ms p95.
Local Offline Matching
Air-gapped match, fully local. No egress. Auditable on reconnect.
Run governance and operations from one secure execution model.
SecuGen Connect combines policy controls, lifecycle automation, and auditable biometric workflows so platform, security, and revenue teams move in sync.
Cryptographic Policy Engine
Set TTL, refresh windows, feature scope, and grace rules centrally. Ed25519/RS256 signing keeps runtime validation tamper-resistant.
Seat and Identity Governance
Issue, activate, suspend, and revoke seat entitlements with complete auditability across customer and operator accounts.
Operational Guardrails
Rate limiting, brute-force defenses, and strict origin/session controls reduce attack surface without slowing delivery teams.
Capture-to-Decision Workflow
Standardized API contracts align enrollment, verification, and support processes across web, desktop, and service integrations.
Billing-linked Entitlements
Checkout, payment state, and entitlement activation stay synchronized so monetization and product access remain consistent.
Audit-ready Traceability
Request/response telemetry and session events are retained in a compliance-aligned trail for incident response and governance reporting.
Fingerprints in any app, without the friction.
A fingerprint SDK-as-a-service built for teams that want to ship. Skip the driver maze and the vendor-specific SDK installs — write code, call an API, done.
Capture
Talk to any supported SecuGen reader through one local bridge. No bespoke driver code per application.
Match
Enroll and verify with standard template formats (ANSI378, ISO19794_2, SG400). Templates stay on-device unless you opt in.
Integrate
One REST + loopback API. Works from React, .NET, Python, Go, Swift, Kotlin — every stack your team already uses.
How it works in 60 seconds
Install the Connect Bridge
Run the bridge on the machine that has the reader plugged in. One installer, no configuration required.
Discover the bridge
Your app scans 127.0.0.1:4499 down through 4494 with SGDISC /v1/discover. Nothing leaves the machine unless you want it to.
Capture, enroll, verify
Discovery plus standard REST endpoints, zero device-specific code. The hosted Connect demo shows the full capture, enrollment, and match flow end-to-end.
Discovery plus REST, any language.
Use the custom discovery verb to find the bridge, then call ordinary JSON endpoints.
// 1 — Discover the local bridge
const disc = await fetch('http://127.0.0.1:4499/v1/discover',
{ method: 'SGDISC' }).then(r => r.json());
const base = disc.baseUrl; // scan 4499..4494 if this port is busy
// 2 — Start a short-lived bridge session
const s = await fetch(base + '/v1/session/start', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ client: { name: 'my-app', version: '1.0' } })
}).then(r => r.json());
// 3 — Capture a fingerprint template
const cap = await fetch(base + '/v1/fingerprint/capture', {
method: 'POST',
headers: {
Authorization: 'Bearer ' + s.sessionToken,
'Content-Type': 'application/json'
},
body: JSON.stringify({
nonce: crypto.randomUUID(),
templateFormat: 'ANSI378'
})
}).then(r => r.json());
// 4 — Compare against an enrolled template
const match = await fetch(base + '/v1/match/score', {
method: 'POST',
headers: {
Authorization: 'Bearer ' + s.sessionToken,
'Content-Type': 'application/json'
},
body: JSON.stringify({
template1: { format: cap.templateFormat, dataBase64: cap.templateBase64 },
template2: enrolledTemplate,
securityLevel: 2
})
}).then(r => r.json());
What you get out of the box
Where it fits
Banking & KYC
Teller workstations, branch kiosks, and customer-not-present onboarding flows.
Healthcare
Patient check-in, clinician authentication, and medication-dispense verification.
Retail & Workforce
Point-of-sale, clock-in, and loyalty sign-ups — anywhere a password is too much friction.
One Service.Every Language.
Unified fingerprint verification through a single local API endpoint — implemented in any programming language, without fragile native dependencies.
const url = "http://localhost:8099";
// Perform exact match verification
const isMatch = await fingerprint.verify({
template: storedTemplate,
mode: "1:1"
});
Encryption
Latency
Reach
Footprint
Library-first → service-first, with one stable API.
SecuGen Connect replaces the library-first model with a local HTTP service and one stable API contract.
Universal Support
Consistent integration path across Java, Python, C#, Node.js, and Rust. No more platform-specific bindings per language.
Security First
Built for GDPR. Local data validation supports 100% offline operation, ensuring data privacy and continuous performance.
Tech Stability
Avoids fragile native dependencies with a secure local service endpoint. No more version drift across platforms.
Business Gain
Lower integration costs and faster issue isolation. Simpler rollout, fewer moving parts, faster release cycle.
What SecuGen Connect does
Universal Language Support
Java, Python, C#, Node.js, Go, Rust — if it can make an HTTP call, it works with SecuGen Connect.
Cross-Brand Template Hub
Submit fingerprint images from any device and generate ANSI/ISO standard templates through our engine.
Built-in 1:N Matching
Enroll thousands and identify them locally in milliseconds using an integrated SQL-powered matching engine.
Web-Native & Multi-Platform
Works in Chrome, Edge, and Firefox out of the box. Runs natively on Windows, Linux, and Android; ships as WebAssembly.
Enterprise Security
Local TLS 1.2+ (TLS 1.3 available), AES-GCM encrypted minutiae storage, strict CORS, tamper-evident audit logs.
Cross-Platform Shared Core
Session management, replay prevention, rate limiting, and template orchestration run in the same WebAssembly core.
Cloud Licensing
Centralized on-site license management with JWT validation. Subscription, perpetual, and bulk licensing models.
Works on Desktop
Runs as a native desktop service with full hardware access. No external dev dependencies for day-to-day operation.
Works Offline
Capture, match, and identify without an internet connection. Online access is needed only for initial license activation.
SDKs you can replace with SecuGen Connect
For teams in healthcare, fintech, and security SaaS — consolidate legacy fingerprint SDKs into one stable HTTP API.
DigitalPersona + VeriFinger
Bundled in enterprise identity systems. Proprietary, costly, requires constant vendor updates.
Griaule + IB Matcher
Requires Windows-specific .NET environments and breaks multi-platform deployments.
Aware AFIX/ID + Nitro
Designed for government use cases and often over-complicated for commercial deployments.
Embedded Morpho / BioManager
Tightly coupled to custom hardware, costly and inflexible for multi-vendor setups.
Innovatrics + NIST PIV
Powerful for high-compliance use cases but requires deep integration expertise.
M2SYS + BiometricCloud
Cloud-only solutions; great for SaaS but lack local processing options for on-prem needs.
How it works
SecuGen Connect runs as a background service on the user's machine, bridging your app, the sensor hardware, and the cloud licensing server.
Built with
Rust (Shared Core)
Cross-platform core logic compiled to native binaries for Windows, Linux, and macOS.
Go (Backend)
Lightweight HTTP service that wraps the Rust core. Ultra-fast startup, minimal footprint.
SQLite
Embedded database for template storage and 1:N matching with zero external dependencies.
TLS 1.2 / 1.3
Encrypted local HTTP endpoints. AES-GCM encrypted minutiae storage.
TypeScript SDK
First-class type definitions (.d.ts) for JavaScript/TypeScript projects.
WebAssembly
Ships as WASM for browser plugins and agents, enabling cross-platform consistency.
SecuGen Connect vs legacy Web API
How Connect differs from legacy SDK public endpoints — with backward-compatible hooks to simplify migration.
| Feature | SecuGen Connect | Legacy Web API |
|---|---|---|
| Platform | Windows, macOS, Linux, Android, iOS | Windows only |
| Authentication | CORS + session-based | None (no strict origin control) |
| Developer Onboarding | HTTP API + standards (ANSI/ISO) | ActiveX control or NPAPI plugins |
| Built-in Matching | Built-in encrypted 1:N SQL | External matching (app-level) |
| Enrollment Flow | Built-in enrollment UI (modal) | Requires custom building flows |
| Licensing Model | Built-in cloud licensing (JWT) | Perpetual key-based activation |
| Template Interop | Any input becomes ANSI/ISO | Offline SecuGen/WSQT templates |
| Works Offline | Yes (offline-first by design) | Yes, but no cloud licensing |
| Shared Core | WebAssembly-based architecture | Windows-only C++ codebase |
| Environment Cleanroom | Stateless API (zero local state) | Stateful C# object lifecycle |
Developer experience
Before (Legacy Java SDK)
// Load native library
System.loadLibrary("SGFPLib");
// Initialize device
SGFingerPrintManager fpManager = new SGFingerPrintManager();
fpManager.Init(DEVICE_FDU04);
fpManager.OpenDevice(0);
// Capture
byte[] img = new byte[fpManager.ImageWidth * fpManager.ImageHeight];
fpManager.GetImage(img);
// Create template + match
byte[] tpl1 = new byte[400];
fpManager.CreateTemplate(null, img, tpl1);
boolean matched = fpManager.MatchTemplate(tpl1, tpl2, SG_FingerPrintSecurityLevel.NORMAL);
fpManager.CloseDevice();
After (SecuGen Connect)
// One HTTP call
const response = await fetch('http://localhost:8099/capture', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ mode: 'verify', templateA, templateB })
});
const { match, score } = await response.json();
Runs lean on the hardware you already have
Note: High-volume enterprise deployments (10,000+ concurrent devices) should contact SecuGen for dedicated licensing and infrastructure guidance.
Production artifacts in one controlled release surface
Field deployment without artifact guesswork. Every Connect Bridge runtime, SDK wrapper, and reference app is logged with its commit hash, size, and SHA256 checksum — ready for customer handoff across Windows, macOS, Linux, Android, and iOS.
Try SecuGen Connect right now.
Capture & Enrollment
No device selected1:1 Match Test
Activity
Build on SecuGen Connect — start here.
Architecture, the local bridge HTTP contract, browser integration, and migration paths for existing FDxSDK Pro / WebAPI / JSGFPLib applications. Each guide opens as a printable HTML page; the Print / Save PDF button uses your browser's print dialog so you can keep an offline copy.
SecuGen Connect — Developer Guide
Architecture overview, integration model, and a quick-start walkthrough. Read this first if you're new to SecuGen Connect.
Local Bridge API Contract
The stable loopback HTTP API: endpoints, request and response schemas, authentication model, error codes, and versioning policy.
Browser Integration Guide
CORS preflight, Private Network Access, HTTP loopback, HTTPS fallback, and a recommended capture flow that degrades gracefully when the bridge is missing.
WebAPI Migration Guide
Move browser apps off the legacy SecuGen WebAPI onto Connect — drop-in shim, side-by-side coexistence, and a graduated migration sequence.
Native SDK Wrapper Guide
The Linux C API and Windows C# wrappers that let FDxSDK Pro applications target Connect with the same lifecycle and method names.