NHAI HACKATHON 7.0 · DATALAKE 3.0 READY

NHAI Face Auth

Offline Biometric Authentication for Highway Worksites

A fully offline Android app that verifies worker identity by face — powered by a custom-trained MobileFaceNet (99.28% LFW) — with multi-challenge liveness detection, anti-spoofing, privacy-preserving BioHash templates, GPS geofencing, and NHAI Datalake 3.0 sync. No signal needed. No server. Works anywhere.

99.28%

LFW Accuracy

1.15 MB

INT8 Model Size

63 ms

Per-Face Inference

490,623

Training Images

128-D

Embeddings

100%

Offline Capable

⬇ Download APK View Source on GitHub Technical Document

🌐 This page is live — share it with the judges

Full submission page with all features, model details, screenshots and architecture

eartherai.github.io/FaceAuthApp

What It Does

Every capability — built for the field

All processing on-device. Zero cloud dependencies. Works fully offline. 12 features engineered specifically for NHAI highway worksites.

🧠

Custom Face Recognition

We trained MobileFaceNet + ArcFace from scratch on 490K faces. 99.28% LFW accuracy — not an API, a model we own.

128-D L2-normalised CNN embeddings
Eye-aligned ArcFace 112×112 crop
Cosine similarity + adaptive threshold
Duplicate detection at enrolment

👁️

Active Liveness Detection

Three randomized challenges — blink, smile, head-turn — evaluated by ML Kit in real time. A replay video fails because order randomizes every session.

Baseline-relative head-turn (any angle)
Live progress bar — guides users clearly
Eye-open + smile probability thresholds
Randomised to defeat replay attacks

🛡️

Anti-Spoofing

Native Kotlin Laplacian-variance texture analysis. Flat printed surfaces and screens have a distinct sharpness signature — they're blocked before matching.

Spoof score [0,1] — blocks below 0.30
Sub-10 ms, fully native Kotlin
Shown as live badge in auth results

🔐

BioHash Privacy (ISO/IEC 24745)

The raw embedding is never stored. A salted random projection transforms it to a cancellable template. The original is discarded immediately.

Cancellable: revoke without re-enrolment
Dual verification: cosine + BioHash
Database breach leaks nothing reconstructable
AES-256-GCM encryption at rest

📍

GPS Geofencing

Haversine distance from device GPS to configured site. Check-in is only accepted within the worksite radius — "attendance from home" is structurally impossible.

Configurable radius per site
GPS coordinates in every auth log
In/out-of-bounds flag on each event

🦺

PPE Compliance

Helmet + hi-vis vest detection gates site entry. The daily check-in becomes a safety checkpoint — workers missing gear are flagged before they're admitted.

On-device detection — no cloud
Confidence scores for each item
Configurable: warn or hard-block mode

📡

Offline-First Sync

Every operation works with zero connectivity. A background engine pushes records to NHAI Datalake 3.0 with exponential-backoff retry when a signal returns.

All writes to encrypted local store first
Connectivity watcher triggers sync
Delta push — only changed records
Server-wins conflict resolution

📊

Live Analytics Dashboard

On-device KPIs computed locally and offline. Liveness pass rate, match confidence, spoof blocks, PPE compliance, 7-day trend.

Liveness pass rate · spoof blocks
Avg match confidence · geofence compliance
7-day trend chart
Adaptive threshold monitoring

🆔

Aadhaar Linkage

Optional Aadhaar with Verhoeff checksum validation. Masked in all UI (XXXX XXXX 1234). Aligned with Indian government ID standards.

Verhoeff algorithm catches transpositions
Masked in all UI displays
Stored encrypted with the worker record

🔒

Encryption & Lockout

AES-256-GCM at rest. 3-attempt lockout with 30-second cooldown. GDPR-style retention with automatic purge of expired records.

AES-256-GCM authenticated encryption
3-attempt lockout + 30 s cooldown
Auto-purge expired biometric records

🗣️

Hindi / English Localization

TTS voice prompts for all liveness challenges. High-contrast UI for outdoor sunlight. Large touch targets for gloved hands in the field.

All challenges spoken in Hindi + English
Min 48dp touch targets
High-contrast outdoor dark theme

🛠️

Admin Console

2FA-protected admin login. Site management, threshold control, sync status, system health — all in a separate protected flow.

2FA admin login
Site + geofence configuration
Model threshold controls
System health + sync status

The AI We Built

A real custom model — trained from scratch

Not an API. Not a fine-tuned pretrained backbone someone else made. We trained MobileFaceNet with ArcFace on CASIA-WebFace and verified on LFW.

99.28%

LFW 10-fold Accuracy

1.15 MB

INT8 ONNX Size

63 ms

CPU Latency/Face

490,623

Training Images

10,572

Identities

1.0 M

Parameters

128-D

Embedding Dims

✓ ALL

Constraints Passed

99.28%

LFW Accuracy · required > 95%

✓ PASS — exceeded by +4.28%

1.15 MB

Model Size · required < 20 MB

✓ PASS — 17× smaller than limit

63 ms

CPU Latency · required < 1000 ms

✓ PASS — 16× faster than limit

Training Configuration

Dataset: CASIA-WebFace .rec

Backbone: MobileFaceNet

Loss: ArcFace s=64, m=0.50

Optimizer: SGD momentum=0.9

Schedule: warmup + cosine LR

Batch: 256

Epochs: 40 (best @ ep 36)

Precision: AMP fp16

Hardware: Kaggle Tesla T4

Training time: ~6.6 h

Export: PyTorch → ONNX FP32 → INT8

Eval sets: LFW · CFP-FP · AgeDB-30

Training Curve — LFW Accuracy per Epoch

ep 1

85.90%

ep 2

94.47%

ep 4

96.43%

ep 7

97.22%

ep 10

97.78%

ep 12

98.07%

ep 17

98.47%

ep 24

98.57%

ep 28

98.83%

ep 31

99.07%

ep 33

99.13%

ep 36 ★

99.28%

BEST

Engineering

Architecture that holds up in production

React Native + native Kotlin with a clean service layer. Each module has one responsibility and a clear contract.

Native Kotlin — FaceProcessor

Async ML Kit face detection + classification
Custom MobileFaceNet FP32 ONNX Runtime
Eye-aligned ArcFace 112×112 similarity transform
Laplacian-variance anti-spoof scoring
Geometric landmark fallback (every device)
EXIF-correct loading, OOM-safe downsampling

Biometric Services (TypeScript)

embeddingUtils: cosine similarity, L2-norm, match
bioHash: ISO/IEC 24745 cancellable templates
encryption: AES-256-GCM at rest
qualityGate: face acceptance policy
adaptiveThreshold: environment-aware scoring
differentialPrivacy: optional Laplacian noise

Field Services (TypeScript)

geofencing: Haversine + site CRUD
ppeDetection: helmet / vest compliance
aadharValidator: Verhoeff checksum
voicePrompts: Hindi/English TTS
i18n: locale management
sessionStore: auth session lifecycle

Data & Sync (TypeScript)

database: encrypted AsyncStorage CRUD
syncService: offline-first background engine
datalakeIntegration: NHAI Datalake 3.0 API
connectivityWatcher: network state monitoring
retryPolicy: exponential-backoff retry
dataRetention: GDPR lifecycle + auto-purge

Full Tech Stack

React Native 0.85

Hermes Engine

Kotlin Native Module

Google ML Kit

ONNX Runtime Android

MobileFaceNet + ArcFace

PyTorch (training)

AES-256-GCM

VisionCamera v5

React Navigation 7

TypeScript 5.8

Android SDK 35

Security & Privacy

Hard to fool. Safe with the data.

Every attack vector we considered — and exactly how we blocked it.

Threat	Attack Vector	Mitigation	Status
Photo spoof	Printed photo held to camera	Laplacian-variance texture analysis (native Kotlin)	✓ BLOCKED
Screen replay	Video on another phone	Laplacian detects flat texture + active liveness	✓ BLOCKED
Pre-recorded video	Video with correct movements	Randomized 3-of-4 challenge order every session	✓ BLOCKED
Proxy attendance	One person for another	Face recognition (99.28% LFW) + 3-factor liveness	✓ BLOCKED
Location fraud	GPS spoofing / remote work	Haversine geofence vs configured site radius	✓ BLOCKED
Duplicate enrolment	Same person registers twice	CNN cosine similarity ≥ 0.55 rejection	✓ BLOCKED
Device theft	Physical access to device	AES-256-GCM encrypted store + lockout	✓ BLOCKED
Biometric extraction	Stealing the template	BioHash ISO/IEC 24745 — raw vector never stored	✓ BLOCKED
Brute force	Repeated auth attempts	3-attempt lockout + 30 s cooldown	✓ BLOCKED
Record tampering	Editing attendance logs	Server-timestamp validation + local audit trail	✓ BLOCKED

Why We Win

NHAI Face Auth vs. every other system

Purpose-built for this brief. Exceeds every constraint. Does things no existing system offers.

Capability	✓ NHAI Face Auth	Typical Systems
Works offline	Full offline — every feature on-device	Requires connectivity
Face model	Self-trained 99.28% LFW, 1.15 MB INT8	Cloud API or 10–50 MB models
Template protection	BioHash ISO/IEC 24745 — raw face never stored	Raw embedding stored
Liveness	3 randomized challenges + texture anti-spoof	Single factor or none
Device coverage	CNN + geometric fallback — every phone	Fails on unsupported ops
Safety integration	GPS geofence + PPE helmet/vest check	Attendance only
Privacy compliance	ISO/IEC 24745, AES-256-GCM, GDPR retention	Varies / none
Identity assurance	Aadhaar Verhoeff validation + masked display	Not integrated
Analytics	Live on-device dashboard — works offline	Cloud dashboard only
Model size	1.15 MB (17× under the 20 MB limit)	10–50 MB typical

Integration

NHAI Datalake 3.0 — built in from day one

Clean API surface. One call covers auth + liveness + geofence + attendance + sync. Offline-first with delta push.

REST API Endpoints

POST/api/v1/workers/enrollNew worker enrolment

POST/api/v1/auth/verifyAuthentication event

POST/api/v1/attendance/syncBatch attendance records

GET/api/v1/sitesSite geofence boundaries

POST/api/v1/ppe/reportPPE compliance events

GET/api/v1/models/latestOTA model updates

// Single call: face auth + liveness + geofence + attendance + sync
import { FaceAuthModule } from './services/datalakeIntegration';

const result = await FaceAuthModule.markAttendance(imagePath);
// result.authenticated      — true / false
// result.withinGeofence     — true / false
// result.attendanceAction   — "CHECKED IN" / "CHECKED OUT"
// result.matchScore         — 0.0 – 1.0
// result.livenessPassed     — true / false
// result.spoofScore         — 0.0 – 1.0
// result.bioHashVerified    — true / false

// Sync queued records when connectivity returns
await FaceAuthModule.syncToServer();

Get Started

Install, build, or reproduce in minutes

Full source on GitHub. One Gradle command produces a standalone APK — no Metro, no server, no setup on the phone.

Install the APK (fastest)

Download from GitHub Releases, copy to your Android phone, tap to install. Or use ADB directly.

adb install -r NHAI-FaceAuth.apk

Clone & Install

Requires Node 18+, JDK 17, Android SDK 35 + NDK (via Android Studio SDK Manager).

git clone https://github.com/Eartherai/FaceAuthApp.git
cd FaceAuthApp/FaceAuthApp
npm install

Build Standalone APK

Standalone debug APK — bundles JS + ML models. Runs without Metro at runtime.

cd android
./gradlew assembleDebug
# output: app/build/outputs/apk/debug/

Reproduce the Model

Open the Kaggle notebook, attach CASIA-WebFace, GPU T4, Run All. Exports pt + onnx + int8 with automated constraints check.

FaceAuthApp/notebook/
mobilefacenet_training.ipynb

NHAI Face Auth

🌐 This page is live — share it with the judges

Twelve screens. One dark command centre.

Every capability — built for the field

Custom Face Recognition

Active Liveness Detection

Anti-Spoofing

BioHash Privacy (ISO/IEC 24745)

GPS Geofencing

PPE Compliance

Offline-First Sync

Live Analytics Dashboard

Aadhaar Linkage

Encryption & Lockout

Hindi / English Localization

Admin Console

A real custom model — trained from scratch

Training Configuration

Training Curve — LFW Accuracy per Epoch

From camera to verified identity in 300–500 ms

Capture

Detect

Liveness

Anti-Spoof

Embed

Match

Record

Architecture that holds up in production

Native Kotlin — FaceProcessor

Biometric Services (TypeScript)

Field Services (TypeScript)

Data & Sync (TypeScript)

Full Tech Stack

Hard to fool. Safe with the data.

NHAI Face Auth vs. every other system

NHAI Datalake 3.0 — built in from day one

REST API Endpoints

Install, build, or reproduce in minutes

Install the APK (fastest)

Clone & Install

Build Standalone APK

Reproduce the Model

Ready for the field.Built to win.

Ready for the field.
Built to win.