Most likely, you cannot avoid using ActiveX, because, by apparent security reasons: a Web application does not have access to a client system, and the fingerprint reading is not a part of W3 standards implemented in browsers in a safe manner. Remember that personal fingerprint information is a very sensitive information, so passing it via insecure connection (HTTP) would be utterly dangerous. ActiveX components embedded in a browser (almost always IE) is the known hole in such protection. It's up to you to decide if you can trust this company, but keep in mind that security-savvy customers may deny using your services if they learn that you are using such thing as browse-embedded ActiveX. In all cases, it's desirable that you only used authentication technology based on HTTPS and have your user using X.509 (SSL) client certificates to access your site.
However, ask the manufacturer's customer support:
http://www.secugen.com/[
^],
http://www.secugen.com/support/index.htm[
^].
—SA