Offline Biometric Authentication for Highway Worksites
A fully offline Android app that verifies worker identity by face — powered by a custom-trained MobileFaceNet (99.28% LFW) — with multi-challenge liveness detection, anti-spoofing, privacy-preserving BioHash templates, GPS geofencing, and NHAI Datalake 3.0 sync. No signal needed. No server. Works anywhere.
All processing on-device. Zero cloud dependencies. Works fully offline. 12 features engineered specifically for NHAI highway worksites.
We trained MobileFaceNet + ArcFace from scratch on 490K faces. 99.28% LFW accuracy — not an API, a model we own.
Three randomized challenges — blink, smile, head-turn — evaluated by ML Kit in real time. A replay video fails because order randomizes every session.
Native Kotlin Laplacian-variance texture analysis. Flat printed surfaces and screens have a distinct sharpness signature — they're blocked before matching.
The raw embedding is never stored. A salted random projection transforms it to a cancellable template. The original is discarded immediately.
Haversine distance from device GPS to configured site. Check-in is only accepted within the worksite radius — "attendance from home" is structurally impossible.
Helmet + hi-vis vest detection gates site entry. The daily check-in becomes a safety checkpoint — workers missing gear are flagged before they're admitted.
Every operation works with zero connectivity. A background engine pushes records to NHAI Datalake 3.0 with exponential-backoff retry when a signal returns.
On-device KPIs computed locally and offline. Liveness pass rate, match confidence, spoof blocks, PPE compliance, 7-day trend.
Optional Aadhaar with Verhoeff checksum validation. Masked in all UI (XXXX XXXX 1234). Aligned with Indian government ID standards.
AES-256-GCM at rest. 3-attempt lockout with 30-second cooldown. GDPR-style retention with automatic purge of expired records.
TTS voice prompts for all liveness challenges. High-contrast UI for outdoor sunlight. Large touch targets for gloved hands in the field.
2FA-protected admin login. Site management, threshold control, sync status, system health — all in a separate protected flow.
Not an API. Not a fine-tuned pretrained backbone someone else made. We trained MobileFaceNet with ArcFace on CASIA-WebFace and verified on LFW.
Seven stages, every one on-device, every one in Kotlin or TypeScript.
VisionCamera v5
front/back
ML Kit face
+ landmarks
3 random
challenges
Laplacian
variance
MobileFaceNet
128-D ONNX
Cosine + BioHash
verify
GPS fence +
attendance log
React Native + native Kotlin with a clean service layer. Each module has one responsibility and a clear contract.
Every attack vector we considered — and exactly how we blocked it.
| Threat | Attack Vector | Mitigation | Status |
|---|---|---|---|
| Photo spoof | Printed photo held to camera | Laplacian-variance texture analysis (native Kotlin) | ✓ BLOCKED |
| Screen replay | Video on another phone | Laplacian detects flat texture + active liveness | ✓ BLOCKED |
| Pre-recorded video | Video with correct movements | Randomized 3-of-4 challenge order every session | ✓ BLOCKED |
| Proxy attendance | One person for another | Face recognition (99.28% LFW) + 3-factor liveness | ✓ BLOCKED |
| Location fraud | GPS spoofing / remote work | Haversine geofence vs configured site radius | ✓ BLOCKED |
| Duplicate enrolment | Same person registers twice | CNN cosine similarity rejection at enrol | ✓ BLOCKED |
| Device theft | Physical access to device | AES-256-GCM encrypted store + lockout | ✓ BLOCKED |
| Biometric extraction | Stealing the template | BioHash ISO/IEC 24745 — raw vector never stored | ✓ BLOCKED |
| Brute force | Repeated auth attempts | 3-attempt lockout + 30 s cooldown | ✓ BLOCKED |
| Record tampering | Editing attendance logs | Server-timestamp validation + local audit trail | ✓ BLOCKED |
Purpose-built for this brief. Exceeds every constraint. Does things no existing system offers.
| Capability | ✓ NHAI Face Auth | Typical Systems |
|---|---|---|
| Works offline | Full offline — every feature on-device | Requires connectivity |
| Face model | Self-trained 99.28% LFW, 1.15 MB INT8 | Cloud API or 10–50 MB models |
| Template protection | BioHash ISO/IEC 24745 — raw face never stored | Raw embedding stored |
| Liveness | 3 randomized challenges + texture anti-spoof | Single factor or none |
| Device coverage | CNN + geometric fallback — every phone | Fails on unsupported ops |
| Safety integration | GPS geofence + PPE helmet/vest check | Attendance only |
| Privacy compliance | ISO/IEC 24745, AES-256-GCM, GDPR retention | Varies / none |
| Identity assurance | Aadhaar Verhoeff validation + masked display | Not integrated |
| Analytics | Live on-device dashboard — works offline | Cloud dashboard only |
| Model size | 1.15 MB (17× under the 20 MB limit) | 10–50 MB typical |
Clean API surface. One call covers auth + liveness + geofence + attendance + sync. Offline-first with delta push.
// Single call: face auth + liveness + geofence + attendance + sync import { FaceAuthModule } from './services/datalakeIntegration'; const result = await FaceAuthModule.markAttendance(imagePath); // result.authenticated — true / false // result.withinGeofence — true / false // result.attendanceAction — "CHECKED IN" / "CHECKED OUT" // result.matchScore — 0.0 – 1.0 // result.livenessPassed — true / false // result.spoofScore — 0.0 – 1.0 // result.bioHashVerified — true / false // Sync queued records when connectivity returns await FaceAuthModule.syncToServer();
Full source on GitHub. One Gradle command produces a standalone APK — no Metro, no server, no setup on the phone.
Download from GitHub Releases, copy to your Android phone, tap to install. Or use ADB directly.
adb install -r NHAI-FaceAuth.apkRequires Node 18+, JDK 17, Android SDK 35 + NDK (via Android Studio SDK Manager).
git clone https://github.com/DHR2206/NHAI_hackathon.git
cd FaceAuthApp/FaceAuthApp
npm installStandalone debug APK — bundles JS + ML models. Runs without Metro at runtime.
cd android
./gradlew assembleDebug
# output: app/build/outputs/apk/debug/Open the Kaggle notebook, attach CASIA-WebFace, GPU T4, Run All. Exports pt + onnx + int8 with automated constraints check.
FaceAuthApp/notebook/
mobilefacenet_training.ipynbA model we trained from scratch at 99.28% LFW, wrapped in an offline-first, privacy-first app that makes NHAI worksite attendance trustworthy — with or without a signal, in the harshest conditions India's highways can throw at it.