Multi-Modal Biometrics Go + ONNX Runtime

Identity,
verified.

Multi-modal biometrics platform for fingerprint, face, and document verification — built for national-scale identity programs.

A complete AFIS platform — from scanner to gallery. Edge agents capture biometrics in the field over mTLS, a unified server handles enrollment, matching, and deduplication, and an event bus keeps downstream systems in sync. Designed for SADC government and enterprise identity programs where accuracy, sovereignty, and uptime are non-negotiable.

Request a demo View case studies

< 1ms

1:1 verification

binary template matching

< 10ms

1:N identification

with LSH pre-filtering

106

OCR languages

including SADC region

128 B

template size

face biometric template

Capabilities

Three modalities, one platform

Fingerprint Matching

High-speed 1:1 verification and 1:N identification using binary cylinder-code encoding with hardware-accelerated similarity scoring.

Face Recognition

Neural face detection, embedding, and template-protected matching. Client-side liveness checks with server-side verification.

Document Intelligence

Multi-language OCR across 106 languages with automatic MRZ decoding for passports and ID cards. Face extraction from document photos.

Template Protection

Biometric templates are binarized and hashed before storage. Original biometric data is never persisted — only irreversible binary representations.

Real-Time Performance

Sub-millisecond 1:1 matching, sub-10ms 1:N search across large galleries. Hardware SIMD acceleration and GPU routing for peak throughput.

Edge to Cloud

Single Go binary with no external dependencies for server deployment. Compact models for mobile and browser-based capture via ONNX Runtime.

Pipeline

How it works

Every biometric interaction flows through a four-stage pipeline — from raw capture to protected, searchable template. Biometric data is transformed at each stage; the original is never stored.

Enrollment pipeline: Capture → Extract → Protect → Match

Modalities

Built-in depth

Each biometric modality is a complete, tested pipeline — from raw sensor input to match decision. No external SDKs, no cloud dependencies, no licensing fees.

Three modalities: Fingerprint, Face, and Document with key specifications

Architecture

Designed for production

A single Go binary serves the full API — fingerprint, face, document, and enrollment flows. ONNX Runtime provides cross-platform neural inference with automatic GPU acceleration where available.

Platform architecture: Client, API Gateway, Services, ONNX Inference, Template Store

                         ┌──────────────────────────────┐
                         │  Client (Web / Mobile / SDK)  │
                         └──────────────┬───────────────┘
                                        │ gRPC / Connect
            ┌───────────────────────────┼───────────────────────────┐
            │                           │                           │
   ┌────────┴────────┐       ┌────────┴────────┐       ┌────────┴────────┐
   │ Fingerprint RPCs │       │   Face RPCs    │       │ Document RPCs  │
   │ Search, Enroll,  │       │ Enroll, Verify │       │ Scan, Extract  │
   │ Verify, Dedup   │       │ Identify       │       │ MRZ, Fields    │
   └────────┬────────┘       └────────┬────────┘       └────────┬────────┘
            │                           │                           │
   ┌────────┴────────┐       ┌────────┴────────┐       ┌────────┴────────┐
   │ ONNX Extractor   │       │ ONNX Pipeline  │       │ ONNX OCR       │
   │ Minutiae → bMCC  │       │ Detect → Embed │       │ Detect → Read  │
   │ SIMD Hamming     │       │ → BioHash      │       │ → MRZ Parse    │
   └────────┬────────┘       └────────┬────────┘       └────────┬────────┘
            │                           │                           │
            └───────────────────────────┼───────────────────────────┘
                                        │
                         ┌──────────────┴───────────────┐
                         │  Binary Template Store       │
                         │  LSH Index · Blocker Index  │
                         │  O(1) lookup · Streaming I/O │
                         └──────────────────────────────┘

Quality

Tested with rigor

Every modality is validated against reference implementations, benchmarked on standard datasets, and regression-tested on each commit. Biometric systems don't get second chances — 96 tests across 6 modules, with race detection enabled.

Quality dashboard: performance benchmarks, accuracy metrics, and test coverage across all modules

Platform

Not just a library — a deployment platform

The biometric engine is only half the problem. The other half is getting fingerprints from scanners in the field into a secure, auditable, searchable gallery — reliably, at scale, across unreliable networks. That's what the AFIS platform solves.

Deployment architecture: edge agents, unified server, data layer with PostgreSQL, NATS, and Redis

Platform Capabilities

Production-grade, field-tested

Edge Agents

Lightweight agents deployed at enrollment sites connect to the server via mTLS-secured bidirectional gRPC streams. WAL-backed durability ensures zero data loss — even through power failures and network outages.

mTLS Everywhere

Every agent-to-server connection is mutually authenticated with per-site X.509 certificates. Provisioned via automated MSI packaging — no manual certificate management.

Event-Driven Integration

Domain events (enrollment approved, auth verified) are published to NATS JetStream with at-least-once delivery guarantees. Downstream consumers sync to legacy databases, trigger workflows, or feed analytics.

gRPC + REST APIs

Full gRPC API with auto-generated REST endpoints via gRPC-Gateway. Protocol Buffers define the contract — client libraries are generated, not hand-written.

Biometric Auth Codes

After successful biometric verification, the server issues signed JWT auth codes that decouple identity verification from payment processing. Single-use, time-limited, multi-key rotation.

Pluggable Match Engine

Swap between matching backends without changing a line of application code. Ship with the built-in engine, upgrade to bMCC cylinder-code matching when gallery sizes demand it.

Edge

Enrollment starts at the scanner

Each enrollment site runs a lightweight agent that manages local devices — fingerprint scanners, cameras, card readers. The agent is provisioned as a single MSI installer with embedded certificates. It connects home over any network, buffers locally when connectivity drops, and syncs automatically when the link is restored.

Edge agent lifecycle: boot, connect, capture, offline resilience

Integration

Three interfaces, one source of truth

The platform exposes gRPC for high-performance service-to-service calls, REST for browser and legacy integrations, and a NATS event stream for asynchronous consumers. All three are derived from the same Protocol Buffer definitions — the contract is the code.

API surface: gRPC services, REST endpoints, and NATS event subjects

Deployment

Your infrastructure, your data

Self-hosted by design. No cloud API calls, no per-transaction fees, no biometric data leaving your network. Deploy on-premise, in sovereign cloud, or at the edge.

Server

Single Go binary + ONNX models. Docker image included. gRPC and Connect-RPC APIs. Graceful shutdown, health checks, JWT auth.

Edge

Compact models (~17MB) for mobile and tablet enrollment stations. ONNX Runtime Mobile for Android/iOS. Offline-capable capture and matching.

GPU

CUDA auto-detection for neural inference. CPU fallback is seamless — same binary, same API. No code changes between CPU and GPU deployments.

Use Cases

Built for identity at scale

National ID Registration

Full enrollment flow: scan ID document, extract fields via OCR, capture live face, verify against document photo, enroll fingerprints. Duplicate detection across the gallery.

Border Control

1:1 verification of traveler against passport. MRZ auto-read, face cross-match with document photo, watchlist search in milliseconds.

Financial KYC

Document scan with OCR for customer onboarding. Face verification against ID photo. Biometric dedup to prevent duplicate accounts.

Access Control

Sub-millisecond 1:1 fingerprint or face verification. On-premise deployment with no external dependencies. Works offline at the edge.

Get started

Ready to build identity infrastructure?

Whether you're building a national ID system, upgrading border control, or adding biometric KYC — let's talk about what you need.