1. Project Title

Design of a Multi-Modal Smart Door Lock System (NFC + OTP + Face Recognition) for Smart Home Applications

2. Abstract

This project involves the design and implementation of a smart door lock system integrating three authentication methods: NFC tags, OTP (One-Time Password) delivered via App/Telegram/MQTT, and AI-based Face Recognition. The system utilizes an ESP32 (or Raspberry Pi for image processing) to control electronic lock actuators, log data to the cloud, manage access permissions, and provide a web/mobile administrative interface. The goal is to enhance security and flexibility in access management for residential homes, dormitories, and small offices.

3. Research Objectives

• Hardware Design: Develop a stable hardware platform including NFC readers, cameras, controllers, and locking mechanisms (motors/solenoids).

• Authentication Implementation: Deploy NFC, OTP, and Face Recognition methods with configurable priority or access modes.

• Management Interface: Build a web/mobile dashboard to grant/revoke permissions, view logs, and configure system settings.

• Performance Evaluation: Assess unlock speed, face recognition accuracy (FAR/FRR), OTP reliability, and overall system security.

• Security & Privacy: Propose and implement measures to protect user data and prevent unauthorized access.

4. Project Scope

• Hardware: A prototype lock (simulated door) using ESP32 or Raspberry Pi, PN532/RC522 NFC module, camera, and servo/solenoid.

• Software: Device firmware, a face recognition module (on-device or server-based), and a central server (Raspberry Pi/Cloud) for OTP, MQTT, and the Web UI.

• Exclusions: Integration with large-scale commercial door systems or enterprise-grade security certifications (proposals only).

5. Literature Review (Summary)

This project draws on research regarding smart lock solutions, NFC modules (PN532), and the MQTT protocol for IoT. It utilizes lightweight face recognition algorithms (MobileNet, FaceNet, or Tiny-YOLO for detection + FaceNet/ArcFace for embeddings + cosine similarity) and standard OTP practices (TOTP or random codes sent via Telegram/SMTP).

6. Implementation Methodology

6.1 System Architecture

• Edge Device: ESP32 or Raspberry Pi connected to:

  • NFC Reader (PN532 / RC522)

  • Camera (ESP32-CAM / Pi Camera)

  • Lock Actuator (Servo/Solenoid/Linear Actuator)

  • Wi-Fi Module for MQTT/HTTP communication.

• Management Server: API (Flask/Node.js), Database (SQLite/MySQL), OTP Service (Generation + Telegram/SMTP delivery), and Face Recognition processing module.

• Client: Web UI / Mobile PWA (Progressive Web App) for administration and logging.

• Protocols: MQTT for real-time status/alerts; HTTP/REST for configuration and OTP requests.

6.2 Primary Workflow

1. NFC Access: User taps tag → Device reads UID → Validates against whitelist → Unlocks if authorized; otherwise, denies and logs the event.

2. Remote/OTP Access: Request sent via App → Server generates OTP and sends it to user (Telegram) → User enters OTP on App/Device → Server validates → Lock opens.

3. Face Recognition: Camera captures image → Face detection → Feature extraction (embedding) → Cosine similarity comparison with database → Unlock if threshold is met.

4. Logging: Every event (UID, Face result, OTP status, Timestamp, IP address) is recorded.

6.3 Key Algorithms

• Face Recognition: Detection (MTCNN / Haar Cascade / Tiny-YOLO) → Face Alignment → Feature Extraction (MobileFaceNet / FaceNet) → Cosine Similarity comparison.

• OTP Management: 6-digit random code generation with 60–180s TTL (Time-to-Live) or TOTP for synchronized authentication.

• Permission Management: Role-based access control (Admin, Resident, Guest) with time-limited validity.

7. Component List (Suggested)

• Microcontroller/SBC: ESP32 DevKit, ESP32-CAM, or Raspberry Pi 4/Zero W.

• NFC Reader: PN532 or RC522 module.

• Camera: ESP32-CAM or Raspberry Pi Camera V2.

• Locking Mechanism: MG996R Servo or 12V Solenoid Lock.

• Power Supply: 5V 2A Adapter + Step-down/Relay modules.

• Storage: MicroSD card or SSD/SD for Raspberry Pi.

• Software/Libraries: Arduino/ESP-IDF, OpenCV, dlib/face_recognition, TensorFlow Lite, Mosquitto (MQTT), Flask/Node.js.

8. Block Diagram

User Devices $\leftrightarrow$ Edge Device (ESP32/RPi) $\leftrightarrow$ Server (API/DB/Face Module) $\leftrightarrow$ Admin Web UI

(The Edge Device communicates via MQTT Broker for real-time triggers and HTTP for data syncing).

9. Implementation Timeline (12 Weeks)

• Week 1: Research, requirements gathering, and component selection.

• Week 2: Procurement and basic hardware assembly.

• Weeks 3–4: Firmware development (NFC, Lock control, MQTT/Wi-Fi).

• Weeks 5–6: Server-side development (API, DB, Telegram OTP integration).

• Weeks 7–8: Face recognition module implementation and dataset collection.

• Week 9: Full system integration and permission logic.

• Week 10: Functional testing and performance benchmarking (Accuracy/Latency).

• Week 11: UI optimization and user manual documentation.

• Week 12: Final report and project defense.

10. Evaluation & Acceptance Criteria

• Latency: NFC/OTP unlocking $\leq$ 3s; Face recognition $\leq$ 5s.

• Accuracy: Face recognition accuracy $\geq$ 90% under standard lighting.

• Security: OTP must expire after TTL; all attempts must be logged.

• Reliability: Successful logging and query functionality via Web UI.

• Network Security: Use of nonces/TTL to prevent replay attacks and TLS for cloud communication.

11. Estimated Budget

• ESP32 + ESP32-CAM: $15 – $25

• Raspberry Pi Zero W / PN532: $25 – $60

• Lock Actuator / Mechanical parts: $10 – $40

• Power/Cabling/Enclosure: $10 – $20

• VPS/Cloud (Optional): $0 – $10/month

• Total Estimate: $60 – $200 (depending on SBC choice).

12. Risks & Mitigations

• Recognition Errors: Mitigated by collecting multi-angle samples and adjusting confidence thresholds.

• Cybersecurity (MITM/Replay): Mitigated by using TLS, JWT for APIs, and short-lived OTPs.

• Mechanical Failure: Mitigated by including a manual physical override (key) for emergencies.

13. Ethics & Privacy

• Data Protection: Face embeddings are stored instead of raw images; data is encrypted.

• Consent: Users must provide explicit consent for facial data collection.

• Right to Erasure: Provide a mechanism for users to wipe their data upon request.

14. Expected Deliverables

• Working Prototype: Fully assembled smart lock hardware.

• Software Suite: Server code, firmware, and Web UI.

• Documentation: Technical report, user manual, and performance data.

• Presentation: Slide deck and live demo video.