SecuGen Connect
Enterprise-ready

Biometric trust,engineered for scale.

SecuGen Connect License Server is the control plane for secure biometric operations, seat governance, and revenue-grade billing.

License ControlJWT · ACTIVE
1,248active seats
Cloud Matchp50 · 42ms
99.982%uptime · 30d
Offline MatchingAIR-GAPPED
0.3savg response
How it works

A schematic for biometric identity — drawn thin, wired precisely.

Three pathways flow through a single control plane. Each line is explicit, each node is accountable, each packet is auditable end-to-end.

Your App
Client integration
Local SecuGen Connect
Biometric bridge
Fingerprint Device
Hardware endpoint
Path · 01

License Control

JWT activate / refresh / revoke between client, bridge, and server.

Path · 02

Cloud Matching

Templates travel encrypted to the cloud matcher; result returns in <100ms p95.

Path · 03

Local Offline Matching

Air-gapped match, fully local. No egress. Auditable on reconnect.

Legacy
"Is the key valid?"
Binary · Stateless · Opaque
Modern
"Can identity stay secure, available, and auditable?"
Contextual · Governed · Provable
Enterprise Solutions

Run governance and operations from one secure execution model.

SecuGen Connect combines policy controls, lifecycle automation, and auditable biometric workflows so platform, security, and revenue teams move in sync.

Cryptographic Policy Engine

Set TTL, refresh windows, feature scope, and grace rules centrally. Ed25519/RS256 signing keeps runtime validation tamper-resistant.

Seat and Identity Governance

Issue, activate, suspend, and revoke seat entitlements with complete auditability across customer and operator accounts.

Operational Guardrails

Rate limiting, brute-force defenses, and strict origin/session controls reduce attack surface without slowing delivery teams.

Capture-to-Decision Workflow

Standardized API contracts align enrollment, verification, and support processes across web, desktop, and service integrations.

Billing-linked Entitlements

Checkout, payment state, and entitlement activation stay synchronized so monetization and product access remain consistent.

Audit-ready Traceability

Request/response telemetry and session events are retained in a compliance-aligned trail for incident response and governance reporting.

Meet SecuGen Connect

Fingerprints in any app, without the friction.

A fingerprint SDK-as-a-service built for teams that want to ship. Skip the driver maze and the vendor-specific SDK installs — write code, call an API, done.

Capture

Talk to any supported SecuGen reader through one local bridge. No bespoke driver code per application.

Match

Enroll and verify with standard template formats (ANSI378, ISO19794_2, SG400). Templates stay on-device unless you opt in.

Integrate

One REST + loopback API. Works from React, .NET, Python, Go, Swift, Kotlin — every stack your team already uses.

How it works in 60 seconds

1

Install the Connect Bridge

Run the bridge on the machine that has the reader plugged in. One installer, no configuration required.

2

Discover the bridge

Your app scans 127.0.0.1:4499 down through 4494 with SGDISC /v1/discover. Nothing leaves the machine unless you want it to.

3

Capture, enroll, verify

Discovery plus standard REST endpoints, zero device-specific code. The hosted Connect demo shows the full capture, enrollment, and match flow end-to-end.

For developers

Discovery plus REST, any language.

Use the custom discovery verb to find the bridge, then call ordinary JSON endpoints.

// 1 — Discover the local bridge
const disc = await fetch('http://127.0.0.1:4499/v1/discover',
  { method: 'SGDISC' }).then(r => r.json());
const base = disc.baseUrl; // scan 4499..4494 if this port is busy

// 2 — Start a short-lived bridge session
const s = await fetch(base + '/v1/session/start', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ client: { name: 'my-app', version: '1.0' } })
}).then(r => r.json());

// 3 — Capture a fingerprint template
const cap = await fetch(base + '/v1/fingerprint/capture', {
  method: 'POST',
  headers: {
    Authorization: 'Bearer ' + s.sessionToken,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    nonce: crypto.randomUUID(),
    templateFormat: 'ANSI378'
  })
}).then(r => r.json());

// 4 — Compare against an enrolled template
const match = await fetch(base + '/v1/match/score', {
  method: 'POST',
  headers: {
    Authorization: 'Bearer ' + s.sessionToken,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    template1: { format: cap.templateFormat, dataBase64: cap.templateBase64 },
    template2: enrolledTemplate,
    securityLevel: 2
  })
}).then(r => r.json());

What you get out of the box

One API — any device, any language
Templates stay local by default
No driver headaches
Free to start — download & go
Bring-your-own or hosted license server
Signed entitlements, Ed25519 keys

Where it fits

Banking & KYC

Teller workstations, branch kiosks, and customer-not-present onboarding flows.

Healthcare

Patient check-in, clinician authentication, and medication-dispense verification.

Retail & Workforce

Point-of-sale, clock-in, and loyalty sign-ups — anywhere a password is too much friction.

Technical Brief

One Service.Every Language.

Unified fingerprint verification through a single local API endpoint — implemented in any programming language, without fragile native dependencies.

SecuGen Connect SDK
const url = "http://localhost:8099";

// Perform exact match verification
const isMatch = await fingerprint.verify({
  template: storedTemplate,
  mode: "1:1"
});
Matching Succeeded100% biometric match verified

Encryption

End-to-end protected
TLS 1.3AES-256mTLS-ready

Latency

Sub-second match
<100ms

Reach

One stack, every OS

Footprint

Lean and self-contained
50MB install80MB RAM0 deps
Why SecuGen Connect

Library-first → service-first, with one stable API.

SecuGen Connect replaces the library-first model with a local HTTP service and one stable API contract.

Universal Support

Consistent integration path across Java, Python, C#, Node.js, and Rust. No more platform-specific bindings per language.

Security First

Built for GDPR. Local data validation supports 100% offline operation, ensuring data privacy and continuous performance.

Tech Stability

Avoids fragile native dependencies with a secure local service endpoint. No more version drift across platforms.

Business Gain

Lower integration costs and faster issue isolation. Simpler rollout, fewer moving parts, faster release cycle.

Capabilities

What SecuGen Connect does

Universal Language Support

Java, Python, C#, Node.js, Go, Rust — if it can make an HTTP call, it works with SecuGen Connect.

Cross-Brand Template Hub

Submit fingerprint images from any device and generate ANSI/ISO standard templates through our engine.

Built-in 1:N Matching

Enroll thousands and identify them locally in milliseconds using an integrated SQL-powered matching engine.

Web-Native & Multi-Platform

Works in Chrome, Edge, and Firefox out of the box. Runs natively on Windows, Linux, and Android; ships as WebAssembly.

Enterprise Security

Local TLS 1.2+ (TLS 1.3 available), AES-GCM encrypted minutiae storage, strict CORS, tamper-evident audit logs.

Cross-Platform Shared Core

Session management, replay prevention, rate limiting, and template orchestration run in the same WebAssembly core.

Cloud Licensing

Centralized on-site license management with JWT validation. Subscription, perpetual, and bulk licensing models.

Works on Desktop

Runs as a native desktop service with full hardware access. No external dev dependencies for day-to-day operation.

Works Offline

Capture, match, and identify without an internet connection. Online access is needed only for initial license activation.

Migration Scope

SDKs you can replace with SecuGen Connect

For teams in healthcare, fintech, and security SaaS — consolidate legacy fingerprint SDKs into one stable HTTP API.

Modernize SDK

DigitalPersona + VeriFinger

Bundled in enterprise identity systems. Proprietary, costly, requires constant vendor updates.

Legacy SDK → Retire

Griaule + IB Matcher

Requires Windows-specific .NET environments and breaks multi-platform deployments.

Break Vendor Lock-In

Aware AFIX/ID + Nitro

Designed for government use cases and often over-complicated for commercial deployments.

Unify

Embedded Morpho / BioManager

Tightly coupled to custom hardware, costly and inflexible for multi-vendor setups.

Simplify Multi-Factor

Innovatrics + NIST PIV

Powerful for high-compliance use cases but requires deep integration expertise.

Full Replace + Migrate

M2SYS + BiometricCloud

Cloud-only solutions; great for SaaS but lack local processing options for on-prem needs.

System Architecture

How it works

SecuGen Connect runs as a background service on the user's machine, bridging your app, the sensor hardware, and the cloud licensing server.

1. Client Layer
Desktop AppHTTP
Web BrowserJavaScript SDK
Mobile AppHTTP
2. Web Service
SecuGen Connect ServiceHTTP endpoint (localhost / remote) · Rust shared core
3. Infrastructure
Device AccessHardware · USB/HID · Serial
1:N EngineTemplate matching · enrollment · verification
License ServerCloud / on-premise · JWT validation
Technology

Built with

Rust (Shared Core)

Cross-platform core logic compiled to native binaries for Windows, Linux, and macOS.

Go (Backend)

Lightweight HTTP service that wraps the Rust core. Ultra-fast startup, minimal footprint.

SQLite

Embedded database for template storage and 1:N matching with zero external dependencies.

TLS 1.2 / 1.3

Encrypted local HTTP endpoints. AES-GCM encrypted minutiae storage.

TypeScript SDK

First-class type definitions (.d.ts) for JavaScript/TypeScript projects.

WebAssembly

Ships as WASM for browser plugins and agents, enabling cross-platform consistency.

Comparison

SecuGen Connect vs legacy Web API

How Connect differs from legacy SDK public endpoints — with backward-compatible hooks to simplify migration.

FeatureSecuGen ConnectLegacy Web API
PlatformWindows, macOS, Linux, Android, iOSWindows only
AuthenticationCORS + session-basedNone (no strict origin control)
Developer OnboardingHTTP API + standards (ANSI/ISO)ActiveX control or NPAPI plugins
Built-in MatchingBuilt-in encrypted 1:N SQLExternal matching (app-level)
Enrollment FlowBuilt-in enrollment UI (modal)Requires custom building flows
Licensing ModelBuilt-in cloud licensing (JWT)Perpetual key-based activation
Template InteropAny input becomes ANSI/ISOOffline SecuGen/WSQT templates
Works OfflineYes (offline-first by design)Yes, but no cloud licensing
Shared CoreWebAssembly-based architectureWindows-only C++ codebase
Environment CleanroomStateless API (zero local state)Stateful C# object lifecycle
Before & After

Developer experience

Before (Legacy Java SDK)

// Load native library
System.loadLibrary("SGFPLib");

// Initialize device
SGFingerPrintManager fpManager = new SGFingerPrintManager();
fpManager.Init(DEVICE_FDU04);
fpManager.OpenDevice(0);

// Capture
byte[] img = new byte[fpManager.ImageWidth * fpManager.ImageHeight];
fpManager.GetImage(img);

// Create template + match
byte[] tpl1 = new byte[400];
fpManager.CreateTemplate(null, img, tpl1);
boolean matched = fpManager.MatchTemplate(tpl1, tpl2, SG_FingerPrintSecurityLevel.NORMAL);
fpManager.CloseDevice();

After (SecuGen Connect)

// One HTTP call
const response = await fetch('http://localhost:8099/capture', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ mode: 'verify', templateA, templateB })
});

const { match, score } = await response.json();
Minimum Requirements & Footprint

Runs lean on the hardware you already have

Operating SystemWindows 10+, macOS 11+, Ubuntu 20.04+, Android 9+, iOS 13+
Supported DevicesAll SecuGen USB fingerprint readers (FDU series, Hamster series, etc.)
CPU Architecturex86_64 (Intel/AMD), ARM64 (Apple Silicon, ARM-based Android)
Browser SupportChrome 90+, Edge 90+, Firefox 88+, Safari 14+ (no plugins required)
RAM256 MB available (typical usage: 50–80 MB)
Runtime DependenciesNone — fully self-contained binary with embedded SQLite
Disk Space50 MB for installation · 100 MB for template DB (10k users)
Startup Time<2 seconds cold start · <500ms warm restart
NetworkLocal HTTP (localhost) or LAN-accessible endpoint
License ActivationCloud-based JWT validation — one-time internet required for initial setup

Note: High-volume enterprise deployments (10,000+ concurrent devices) should contact SecuGen for dedicated licensing and infrastructure guidance.

Download Center

Production artifacts in one controlled release surface

Field deployment without artifact guesswork. Every Connect Bridge runtime, SDK wrapper, and reference app is logged with its commit hash, size, and SHA256 checksum — ready for customer handoff across Windows, macOS, Linux, Android, and iOS.

Bridge0
SDK0
Checksums0
Open this tab to load the current runtime catalog.
Open this tab to load the current Connect SDK packages.
Open the catalog to load the current release inventory.
Catalog generated: - · Waiting

Try SecuGen Connect right now.

Checking bridge…
Version —

Capture & Enrollment

No device selected
Capture Settings · saved in metadata
Enroll Finger A
Tap Capture
No template yet
Enroll Finger B
Tap Capture
No template yet
Probe
Tap Capture
No template yet

1:1 Match Test

Capture at least one enrolled slot and the probe, then run a match.

Activity

--:--:--Ready. This tab refreshes automatically; click Refresh if you want to re-check the bridge right away.
Developer Guide

Build on SecuGen Connect — start here.

Architecture, the local bridge HTTP contract, browser integration, and migration paths for existing FDxSDK Pro / WebAPI / JSGFPLib applications. Each guide opens as a printable HTML page; the Print / Save PDF button uses your browser's print dialog so you can keep an offline copy.

Core

SecuGen Connect — Developer Guide

Architecture overview, integration model, and a quick-start walkthrough. Read this first if you're new to SecuGen Connect.

API Reference

Local Bridge API Contract

The stable loopback HTTP API: endpoints, request and response schemas, authentication model, error codes, and versioning policy.

Web

Browser Integration Guide

CORS preflight, Private Network Access, HTTP loopback, HTTPS fallback, and a recommended capture flow that degrades gracefully when the bridge is missing.

Migration

WebAPI Migration Guide

Move browser apps off the legacy SecuGen WebAPI onto Connect — drop-in shim, side-by-side coexistence, and a graduated migration sequence.

Native SDK

Native SDK Wrapper Guide

The Linux C API and Windows C# wrappers that let FDxSDK Pro applications target Connect with the same lifecycle and method names.

Print & PDF. Each guide opens in a new tab. Click Print / PDF on any guide to open your browser's print dialog — choose Save as PDF as the destination to download an offline copy. The print stylesheet strips chrome and optimizes layout for letter / A4.
Last built date: 2026-07-06 v0.4.30