DIY “Face ID” door lock using AWS Rekognition

DIY “Face ID”

I recently started to learn and explore the services at AWS, and the face recognition service seemed particularly interesting. In this post I want to share with you how I managed to build a “Face ID” door lock for the office.

I picked up the idea from a colleague who suggested that it would be nice if you wouldn’t need to carry keys when going back and forth between floors in the office.  A few days later I put the idea to the test and started this project.

Now that the finished “product” has been installed at the office a few months I can conclude that it is performing quite well and it’s appreciated by both colleagues and guests at the office. It offers a convenient alternative to bringing your keychain with your RFID-tag inside the office. For security concerns, it’s only used during office hours, and it only provides access to doors inside the office. You still need your tag to enter the building and entering the main entrance.

The setup is really not complicated, but the solution can be separated into three main components:

  • Raspberry Pi with camera
  • The lock actuator
  • AWS cloud

I tried to keep strict separation of concerns for each of the components. So each component has a specific purpose and does it’s thing independent of other components. I will explain each of these components separately.

System overview chart

System overview

Main unit

This is the only visible component, the unit that the user is interacting with. It takes a photo of the person trying to enter the door and provides voice feedback with personal greetings after successful identification.

The hardware consists of a raspberry pi 3 with a raspberry-camera module and a USB speaker. The standard Raspberry pi case with mounting hole for the camera made a discrete wall mountable product.
The USB speaker was modified to plug directly into the USB port at the bottom of the Raspberry Pi. I removed the cable and glued the USB-connector to the speaker case. The final touch is the mirror with a Face ID decal, mostly added for decoration.

Main unit with camera and voice feedback

Main unit with camera and voice feedback

The software on the Raspberry Pi is based on a standard Raspbian Linux. PM2 process manager is handling the startup and monitoring of the custom software for the Face ID service.

The Face ID service is a Python application using OpenCV library. It’s responsible for detecting a face from the camera feed. Note that it’s only detection, not recognition. In order to avoid excessive traffic on the cloud components I put great effort into tuning the sensitivity of the face detection. The tricky part here is to find the sweet spot for image resolution, sample rate, and detection parameters to achieve fast and accurate detection. The detection coordinates are also evaluated, the face has to be at a decent scale (normal distance from the camera) and consecutive detection of the face must be at the same approximate location. When a good sample of a face is detected the lambda is invoked with the face to be identified. The response from the lambda contains the recognition result alongside with the sentence to feedback to the user.

The voice feedback audio stream is  produced by using another cool and easy to use AWS service, AWS Polly. A request containing the text and the desired voice is all it takes to produce high quality synthesised speech as an audio stream.

AWS IoT enabled lock

This was really the easiest part in this project. This component has a very limited scope and responsibility, it’s basically just a remote controlled relay. The door already had an electronic lock controlled by the alarm system. So in order to make it an IoT enabled lock I only needed a relay to replicate a press on the unlock button on the inside.

The hardware needed for this component is a WiFi enabled esp8266 based micro controller with a relay shield. The micro controller I used is WeMos D1 mini. The low price (<$10) and small form factor has made them very popular in the makers and DIY:ers all over the world.

The device was provisioned as an AWS IoT Thing to enable safe communication to and from the cloud. AWS IoT is using the protocol called MQTT, a lightweight protocol that enables a loose coupling between the sender(publisher) and receiver(subscriber). I used Mongoose OS‘s firmware for the device. Mongoose also includes a web based IDE for programming and flashing the micro controller. The IDE also helps with the provisioning, associating the device with a specific certificate and selecting privileges for it.

When the provisioning was done I programmed the “Thing” to subscribe to a specific topic. Thats it! Now the relay attached to the lock can be actuated by sending a specific message to that topic. The IOT enabled lock could easily be used and actuated by other sources, manually with a remote control or maybe later I could create an Alexa skill for it.

Wemos D1 mini with relay shield

Wemos D1 mini with relay shield

The Cloud component

The brains of the solution is located in the cloud. A lambda handles the business logic and decides who gets in and who doesn’t. The overall behaviour of the service and the feedback to the user is decided in the lambda. The phrases for voice feedback is personalised with the identified name, and it’s randomised from a handful of predefined positive and negative phrases.

The main feature is of course the recognition service. I must say that i’m very impressed by the accuracy and performance of it!
I created a collection of faces based on a single profile image from each of my colleagues. The images provided from the door camera is low resolution (~640×480) and sub-optimal lighting conditions, but still the precision of recognition is surprisingly good. Only a handful of people (out of ~200) had issues with identification. These people had either really old profile images, or an image where the face wasn’t entirely visible. These issues was resolved by providing a better reference image.

Since each component of the solution handles a specific task independently, a great deal of flexibility is available in the Lambda. New features, such as the guest access, has beed added without having to change a single thing in the other components.

4 Comments

  1. Heinrich Faust

    Hmm. Seems like the security is limited. What would stop a person with bad intentions to just take e.g. your profile picture from this blog, print it and then access the lock by just putting the paper in front of the camera?

    • Gustaf Nilklint

      Yes this is true. This limitation has been known from the very beginning of this project, and this is why the system is only available during office hours.
      In order to improve the security, and make this kind of attack more difficult, more/other sensors would be necessary. Kinect-sensor could be one option where the 3D capture can differentiate a face from a printed photo of a face.. This might be explored in the next version of the door-camera.

  2. Mg

    Hey
    Thanks for sharing. I am working on similar project, can you share more information regarding this project.

Leave a Reply