Hall of justice - Authorisation Greeting System


Ever since I watched Young Justice EP-1, the security system of the Hall Of Justice and Mount Justice has wow-ed me. After all, it was built by Batman. You see similar AI-driven, voice-guided systems in pretty much all sci-fi series these days.
I always dreamed of having something similar of my own. Well, now I have it (sort of).




Although we are not quite in the flying cars era yet (disappointment), IoT-powered locks are somewhat normal these days. The adoption rate is great.


Some background: What is this Hall Of Justice Authorisation system?

This is the security system that Batman built for the Hall Of Justice. The movies haven't shown it yet, but there are several scenes in the animated series and comic books. Basically, it is an AI-powered, voice-guided intelligent security system that scans bio signatures (like retina, body dimensions, temperature, heart rate) through a scanning device, identifies which member of the Justice League it is, logs the entry, then grants access to the restricted members-only area.

Here's a GIF image of how this system works:


Intriguing right? I know. 

Even more interestingly, to do all of the above the technology is already available and I won't be surprised if someone already has it.  

What I did

  • A bio signatures scanner is complex to build, requires power and hardware, involves several integration points and will look clunky when jumbled together with my skill set and the resources available to me -- So No Go.
  • I could build a facial recognition device. But again, that would require a camera attached to an RPi, I would somehow need to wire it in a suitable position to supply power, and from time to time it will fail (lack of lighting, passed too quickly for a low-cost small camera). -- No Go Again.
  • I do carry a mobile phone and/or wear a smart watch. Both of these devices emit a Bluetooth signal that contains the device signature. Using a scanner I can scan the device and know whose device it is (mine, my wife's or someone else's). I have a Sonos speaker. I have Home Assistant, which can act as a conduit for text-to-speech to Sonos. -- Yep, this is a GO.


How I did it:

This is how:
  • I have the config written in Evernote. The config contains the device unique id (a guid) and the corresponding name.
  • I wrote a program in Embedded C++ using PIO and deployed it to an ESP32 chipset. This is the heart of the operation.
    • First, it connects to Wi-Fi after boot.
    • Then it reads the config from Evernote and keeps it in memory.
    • Then it starts scanning. It is also a BLE (Bluetooth Low Energy) scanner and constantly (with 3 sec sleep time) looks for Bluetooth devices within an approx 1 metre radius.
    • When a device is found whose ID matches the config data, it sends a REST payload to Home Assistant with the device name as a parameter.
    • Then it goes to sleep for a few seconds to stop scanning the same device. It also keeps the last found id in memory for the next 15 mins, which gives the user time to clear out of its scanning area. But if it finds other devices within those 15 mins with a matching id/name, it will send a payload with the name.
    • It is also an MQTT client which is subscribed to a topic from the Home Assistant MQTT server. When the message "SLEEP" (usually at night after 10pm) is received on this topic, the client executes esp_deep_sleep_start(), which causes the ESP32 to go into deep sleep mode (as per config esp_sleep_enable_timer_wakeup(TIME_TO_SLEEP_30_MIN)). During this process all memory is wiped and processing completely stops, except for the built-in clock cycle which wakes the ESP32 after the sleep duration. The MQTT client also publishes the ESP32's status from time to time so I can see what state the scanner is in at a given time. The states are: SLEEP, AWAKE, ERROR.
  • I configured Home Assistant as per below for this purpose:
    • Configured a custom sensor in Home Assistant to display the status of the ESP32 and its last scanned device name.
    • I wrote a custom switch (using a Boolean variable) which publishes to the MQTT topic. Using this switch I can manually send the SLEEP command to the ESP32.
    • I wrote an automation that publishes a SLEEP message after 10pm.
    • I wrote a TTS (text-to-speech) script to send to Sonos using HA tts with platform google translator. (Sonos is already available to HA using Air U PnP).
    • I wrote a script that gets triggered via REST API by the ESP32 device. This script takes the device name as a parameter. This script then calls the Sonos Say script with the full text "Access Granted. Welcome Batman." (Here Batman is the device id passed to HA as parameter). It also publishes the device name to the MQTT topic to display on the UI.
    • HA TTS converts the text into WAV audio and triggers playback on the Sonos speaker over Wi-Fi at 50% volume.
  • I plugged in the ESP32 device using a USB power supply in my garage near the garage door. Luckily my main entry door is on the other side of the wall.  
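
The match-and-suppress steps of the scan loop above, reduced to a host-testable C++ core. This is an added example, not the firmware from this post: the class and function names, the RSSI cutoff value and the "name" JSON key are assumptions, and the 15-minute window is assumed to start when the greeting is sent.

```cpp
#include <cstdint>
#include <map>
#include <string>
#include <utility>

// Added example; every name here is hypothetical.
const uint64_t kSuppressMs = 15ULL * 60 * 1000;  // 15-minute memory of the last found id
const int kMinRssiDbm = -60;  // constructed cutoff standing in for "approx 1 metre"

class GreetingGate {
public:
    explicit GreetingGate(std::map<std::string, std::string> idToName)
        : idToName_(std::move(idToName)), hasLast_(false), lastMs_(0) {}

    // Called for each advertisement seen in a scan pass; nowMs is a monotonic clock.
    // Returns the configured name to greet, or "" when nothing should be sent.
    std::string onAdvertisement(const std::string& id, int rssiDbm, uint64_t nowMs) {
        if (rssiDbm < kMinRssiDbm) return "";  // too weak: outside the scan radius
        std::map<std::string, std::string>::const_iterator it = idToName_.find(id);
        if (it == idToName_.end()) return "";  // ID not in the config
        if (hasLast_ && id == lastId_ && nowMs - lastMs_ < kSuppressMs)
            return "";  // same device as last greeting, still inside the window
        hasLast_ = true;  // a different configured device replaces the remembered one
        lastId_ = id;
        lastMs_ = nowMs;
        return it->second;
    }

private:
    std::map<std::string, std::string> idToName_;
    bool hasLast_;
    std::string lastId_;
    uint64_t lastMs_;
};

// JSON body for the REST call. The name comes from external config, so quotes and
// backslashes are escaped and control characters are replaced with a space.
std::string greetingPayload(const std::string& name) {
    std::string out = "{\"name\":\"";  // "name" key is an assumption
    for (unsigned char c : name) {
        if (c == '"' || c == '\\') { out += '\\'; out += static_cast<char>(c); }
        else if (c < 0x20) out += ' ';
        else out += static_cast<char>(c);
    }
    return out + "\"}";
}
```

The gate treats an advertised ID as a hint that a configured device is nearby, which is what a greeting needs; the advertisement carries no proof of which device sent it.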

The Result

  • When I enter (or am nearby, meaning about to enter) using the entry door or garage door, the ESP32 finds the BLE signature emitted from my phone or watch. Most of the time it finds the watch.
  • It plays "Access Granted, Welcome Batman!" on the Sonos speaker.
  • The scanner sleeps at night and wakes up in the morning, or it is manually made to sleep (in the case when I am out at work or on holiday), so mimicking a security system being turned off or on or locked.

Limitation

A limitation it currently has is that, in order for the device to emit a BLE signal, the device needs to be awake/alive. For iPhone or iWatch, if the screen is off it means the device is not emitting BLE signals. When a notification is received, the device (iPhone, iWatch) screen turns on, meaning at that time the device is emitting a BLE signal.
For iWatch it is quite natural. For example: I am driving into my driveway, which due to hand gesture causes the iWatch to be awake, and the ESP32 scanner finds it. Something very similar happens with the iPhone 10, which my wife uses. So it is not an issue when the user is wearing an iWatch and/or using an iPhone 10.
Unfortunately, I am currently using an iPhone 8, which doesn't get awakened by movement. So when I am carrying only the iPhone 8 in my pocket, the ESP32 does not find the device and nothing happens.

Future enhancement

This is just a start. I plan to turn it into an actual lock/unlock functionality. Below is what I have in mind.

  • The script in Home Assistant can easily be extended to fire the garage door button. This will do a real unlock.
  • When I am nearby (within 500cm) and incoming from outside, HA will send a notification using proximity. This will also cause the phone to wake, and the ESP32 will find the device to perform greeting + unlock doors. Not a hard problem to solve and easily do-able.


Demo Video

"Hai, if it didn't happen on camera it didn't happen at all". So here's the demo of my JL Auth Greeting System:

https://www.youtube.com/watch?v=2MRtNdC7rdQ




Thank You





Some highlights photos gallery:



Loading embedded code onto ESP32 (so easy)




Platform IO - Super impressed. Lightweight, runs on code, IntelliSense -- what more do you want.


A super important config to avoid flush error. Wasted half a day to figure this out.


Plugged in and working.


The Home Assistant Script behind the voice guided greeting


The MQTT callback (for a subscribed topic) that never worked :(


The MQTT publish from Home Assistant that worked but never got actioned :(


