DIY “Face ID” door lock using AWS Rekognition

DIY “Face ID” door lock using AWS Rekognition

DIY “Face ID”

I recently started to learn and explore the services at AWS, and the face recognition service seemed particularly interesting. In this post I want to share with you how I managed to build a “Face ID” door lock for the office.

I picked up the idea from a colleague who suggested that it would be nice if you wouldn’t need to carry keys when going back and forth between floors in the office.  A few days later I put the idea to the test and started this project.

Now that the finished “product” has been installed at the office a few months I can conclude that it is performing quite well and it’s appreciated by both colleagues and guests at the office. It offers a convenient alternative to bringing your keychain with your RFID-tag inside the office. For security concerns, it’s only used during office hours, and it only provides access to doors inside the office. You still need your tag to enter the building and entering the main entrance.

The setup is really not complicated, but the solution can be separated into three main components:

  • Raspberry Pi with camera
  • The lock actuator
  • AWS cloud

I tried to keep strict separation of concerns for each of the components. So each component has a specific purpose and does it’s thing independent of other components. I will explain each of these components separately.

System overview chart
System overview

Main unit

This is the only visible component, the unit that the user is interacting with. It takes a photo of the person trying to enter the door and provides voice feedback with personal greetings after successful identification.

The hardware consists of a raspberry pi 3 with a raspberry-camera module and a USB speaker. The standard Raspberry pi case with mounting hole for the camera made a discrete wall mountable product.
The USB speaker was modified to plug directly into the USB port at the bottom of the Raspberry Pi. I removed the cable and glued the USB-connector to the speaker case. The final touch is the mirror with a Face ID decal, mostly added for decoration.

Main unit with camera and voice feedback
Main unit with camera and voice feedback

The software on the Raspberry Pi is based on a standard Raspbian Linux. PM2 process manager is handling the startup and monitoring of the custom software for the Face ID service.

The Face ID service is a Python application using OpenCV library. It’s responsible for detecting a face from the camera feed. Note that it’s only detection, not recognition. In order to avoid excessive traffic on the cloud components I put great effort into tuning the sensitivity of the face detection. The tricky part here is to find the sweet spot for image resolution, sample rate, and detection parameters to achieve fast and accurate detection. The detection coordinates are also evaluated, the face has to be at a decent scale (normal distance from the camera) and consecutive detection of the face must be at the same approximate location. When a good sample of a face is detected the lambda is invoked with the face to be identified. The response from the lambda contains the recognition result alongside with the sentence to feedback to the user.

The voice feedback audio stream is  produced by using another cool and easy to use AWS service, AWS Polly. A request containing the text and the desired voice is all it takes to produce high quality synthesised speech as an audio stream.

AWS IoT enabled lock

This was really the easiest part in this project. This component has a very limited scope and responsibility, it’s basically just a remote controlled relay. The door already had an electronic lock controlled by the alarm system. So in order to make it an IoT enabled lock I only needed a relay to replicate a press on the unlock button on the inside.

The hardware needed for this component is a WiFi enabled esp8266 based micro controller with a relay shield. The micro controller I used is WeMos D1 mini. The low price (<$10) and small form factor has made them very popular in the makers and DIY:ers all over the world.

The device was provisioned as an AWS IoT Thing to enable safe communication to and from the cloud. AWS IoT is using the protocol called MQTT, a lightweight protocol that enables a loose coupling between the sender(publisher) and receiver(subscriber). I used Mongoose OS‘s firmware for the device. Mongoose also includes a web based IDE for programming and flashing the micro controller. The IDE also helps with the provisioning, associating the device with a specific certificate and selecting privileges for it.

When the provisioning was done I programmed the “Thing” to subscribe to a specific topic. Thats it! Now the relay attached to the lock can be actuated by sending a specific message to that topic. The IOT enabled lock could easily be used and actuated by other sources, manually with a remote control or maybe later I could create an Alexa skill for it.

Wemos D1 mini with relay shield
Wemos D1 mini with relay shield

The Cloud component

The brains of the solution is located in the cloud. A lambda handles the business logic and decides who gets in and who doesn’t. The overall behaviour of the service and the feedback to the user is decided in the lambda. The phrases for voice feedback is personalised with the identified name, and it’s randomised from a handful of predefined positive and negative phrases.

The main feature is of course the recognition service. I must say that i’m very impressed by the accuracy and performance of it!
I created a collection of faces based on a single profile image from each of my colleagues. The images provided from the door camera is low resolution (~640×480) and sub-optimal lighting conditions, but still the precision of recognition is surprisingly good. Only a handful of people (out of ~200) had issues with identification. These people had either really old profile images, or an image where the face wasn’t entirely visible. These issues was resolved by providing a better reference image.

Since each component of the solution handles a specific task independently, a great deal of flexibility is available in the Lambda. New features, such as the guest access, has beed added without having to change a single thing in the other components.

This Post Has 9 Comments

  1. Heinrich Faust

    Hmm. Seems like the security is limited. What would stop a person with bad intentions to just take e.g. your profile picture from this blog, print it and then access the lock by just putting the paper in front of the camera?

    1. Gustaf Nilklint

      Yes this is true. This limitation has been known from the very beginning of this project, and this is why the system is only available during office hours.
      In order to improve the security, and make this kind of attack more difficult, more/other sensors would be necessary. Kinect-sensor could be one option where the 3D capture can differentiate a face from a printed photo of a face.. This might be explored in the next version of the door-camera.

  2. Mg

    Thanks for sharing. I am working on similar project, can you share more information regarding this project.

    1. Gustaf Nilklint

      If you ask a more specific question I will do my best to answer it.

  3. Jesse Kotsch

    Thank you for sharing! I am interested in doing something similar. It sounds like you have about 200 people using your system. I was wondering if you are being charged by aws to use their services and if so what your operating costs are? It sounds like you only use aws for recognition and not detection which would minimize costs, is that correct? I was also wondering what your method was for adding/deleting users?

    I appreciate your help!

    1. Gustaf Nilklint

      You are correct, the detection is handled locally by openCV on the raspberry pi. I think it would add up significant cost to use AWS for detection.
      The monthly operating cost in our setup has below $10 and average at about $7 over the last year. So it’s quite cheap.

      The Collection of people is rebuild regularly and I use the internal employee database as datasource. The database is kept up-to-date by HR.

      I wish you the best of luck with your setup, Just do it!

  4. Anna

    Interesting post, thanks for sharing.

  5. Tomasz

    I wonder if you would be able to share some code – that would help creating similar system for those that start with Lambda, as I do….

Leave a Reply