Skip to main content

Hall of justice - Authorisation Greeting System


Ever since I watched the Young Justice EP-1 the security system of the Hall Of Justice and Mount Justice wow-ed me. After all it was built by Batman. You see similar AI driven voice guided system in pretty much in all sci-fi series these days.
I always dreamed of having something similar of my own. Well, now I have it (sort of).




Although we not quite in the flying cars era yet (disappointment) but IOT powered locks are somewhat normal these days. The adoption rate is great. 


Some background: What is this Hall Of Justice Authorisation system?

This is the security system that Batman built for Hall Of Justice. The movies haven't shown it yet but there're several scenes in the animated series and comic books. Basically, it is a AI powered voice guided intelligent security system that scans bio signatures (like retina, body dimensions, temperature, heart rate) through a scanning device and identifies which member of the justice league it is, logs entry then grants access to restricted members only area.

Here's a GIF image of how this system works:


Intriguing right? I know. 

Even more interestingly, to do all of the above the technology is already available and I won't be surprised if someone already has it.  

What I did

  • A bio signatures scanner is complex to build, requires power and hardware, involves several integration points and will look clunky when jumbled together with my skill set and resources available to me -- So No Go. 
  • I could build a facial recognition device. But again that would require a camera attached to a RPi, somehow I will need to wire to its suitable position to supply power and time to time it will fail (lack of lighting, passed too quick for a low cost small camera). -- No Go Again.
  • I do carry a mobile phone and/or wear smart watch. Both of these devices emits bluetooth signal that contains the device signature. Using a scanner I can scan the device and know whose device it is (mine, my wife's or some one else's). I have a Sonos speaker. I have Home Assistant which can act as a conduit for text-to-speach to sonos. -- Yep, this is a GO.


How I did it:

This is how:
  • I have the config written in Evernote. The config contains devide unique id (a guid) and corresponding name.
  • I wrote a program in Embedded C++ using PIO and deployed it to a ESP32 chipset. This the heart of the operation. 
    • First, it connects to WIFI after boot.
    • Then it reads config from Evernote and keeps in memory
    • Then it start scanning. It is also a BLE (Bluetooth low energy) scanner and constantly (with 3 sec sleep time) looks for bluetooth devices within approx 1 metre radius.
    • When a device is found with matching ID with config data it sends a REST Payload to Home Assistant with the device Name as a parameter. 
    • Then it goes to sleep for few seconds to stop scanning the same device. It also keeps the last found id in memory, for the next 15mins which gives the user time to clear out of its scanning area. But if it finds other devices within that 15 mins with matching id/name it will send payload with the name.
    • It is also a MQTT client which is subscribed to a topic from Home Assistant MQTT server. When the message "SLEEP" (usually at night after 10pm) is received to this topic the client executes esp_deep_sleep_start() which causes ESP32 to go to deep sleep mode (as per config esp_sleep_enable_timer_wakeup(TIME_TO_SLEEP_30_MIN)). During this process all memory is wiped and processing completely stops except for in built clock cycle which wakes the ESP32 after the sleep duration. The MQTT client also publishes the ESP32's status time to time so I can see it what state the scanner is at given time. The states are: SLEEP, AWAKE, ERROR.  
  • I configured Home Assistant as per below for this purpose:
    • Configured a custom sensor in the Home Assistant to displays the status of the ESP32 and its last scanned device name.
    • I wrote a custom switch (using Boolean variable) which acts and publishes to the MQTT topic. Using this switch I can manually send SLEEP command to ESP32.
    • I wrote an automation that publishes a message SLEEP after 10pm.  
    • I wrote a TTS (text-to-speach) script to send to Sonos using HA tts with platform google translator. (Sonos is already available to HA using Air U PnP). .   
    • I wrote a script that gets triggered via REST API by the ESP32 device. This script takes the device name as a parameter. This script then calls the Sonos Say script with the full text "Access Granted. Welcome Batman." (Here Batman is the device id passed to HA as parameter). It also publishes the Device name to the MQTT topic to display on the UI.
    • HA TTS converts into audio wav format trigger play to Sonos speaker over wifi with 50% volume.
  • I plugged in the ESP32 device using a USB power supply in my garage near the garage door. Luckily my main entry door is on the other side of the wall.  

The Result

  • When I enter (or near by meaning about to enter) using the entry door or garage door the ESP32 finds the BLE signature emitting from my phone or watch. Most of the time finds the watch.
  • Plays "Access Granted, Welcome Batman!" on Sonos speaker.
  • The scanner sleeps at night and wakes up in the morning. Or manually made to sleep (in the case when I am out at work or on holiday). So mimicking a security system turn off or on or locked.

Limitation

A limitation it currently has is in order for the device to emit BLE signal the device needs to be awake/alive. For iPhone or iWatch if the screen is off it means the device is not emitting BLE signals. When a notification is received the device (iPhone, iWatch) screen turns on meaning at that time the device is emitting BLE signal.
For iWatch it is quite natural. For example: I am driving into my drive way which due to hand gesture causes iWatch to be awake and ESP32 scanner finds it. Very similar happens with iPhone 10 which my wife uses. So not an issue when user is wearing iWatch and/or using iPhone 10.
Unfortunately, currently I am using iPhone 8. Which doesn't get awaken with movement. So when I am carrying only iPhone 8 in my pocket the ESP32 does not find the device and nothing happens.

Future enhancement

This is just a start. I plan to turn it into an actual lock/unlock functionality. Below is what I have in mind.

  • The script in Home Assistant can easily be extended to fire the garage door button. This will do a real unlock.
  • When I am near by (within 500cm) and incoming from outside the HA will send a notification using proximity. Which will also cause the phone state to be awake and ESP32 will find the device to perform greeting + unlock doors. Not a hard problem to solve and easily do-able.


Demo Video

"Hai, if it didn't happen on camera it didnt happen at all". So here's the demo of my JL Auth Greeting System:

https://www.youtube.com/watch?v=2MRtNdC7rdQ




Thank You





Some highlights photos gallery:



Loading embedded code onto ESP32 (so easy)




Platform IO - Super impressed. Light weight, runs on code, intellisence -- what more do you want.


A super important config to avoid flush error. Wasted half a day to figure this out.


Plugged in and working.


The Home Assistant Script behind the voice guided greeting


 The MQTT callback (for a subscribed topic) that never worked :(
 

The MQTT publish from Home Assistant that worked but never got actioned :(



Labels:

Comments

Post a Comment

Popular posts from this blog

Managing devices using Edge Manager

Managing edge devices has been a complex process as traditional IT ops tools fall short in distributed, low-connectivity environment to manage huge quantity of devices.  Red Hat Edge Manager  (Open source project: FlightControl , GA'd by Red Hat on late Jan, 2026) solves these challenges by providing streamlined management of edge devices and applications through a declarative approach . Now, there's a fair bit to unpack here. But for simplicity this is how I am going to map those 3 things here: Management of edge devices: I am mapping this to LCM (including upgrade, patch etc) of the underlying OS (in this case RHEL OS of BootC flavor or at least UBI based RHEL ). Managing applications: Mapping this to deploying applications and LCM of the applications stack on the OS. Declarative approach: This one is super interesting. To me this is very K8s-yy but in the world of edge devices running linux (RHEL OS, as of today). And then this thing also has MCP : This is my next prob...
Post a Comment
Read more

Story of a Java application in the cloud on Heroku

Starting with a monolith application is not really uncommon. But when the demand arises it is important to have a plan or path to go distributed either a Big Bang change or phased approach. I took the phased approach and the phases sort of happened naturally (without even knowing the right technical terms, BUT the concept and vision was clear). I will try to tell the story in this post. Although I will use "sample app" and the tutorials I prepared for this is a "sample app", I have faced the scenarios in real life few years ago and learned a thing or two. I am using Heroku for this "sample app" but this can also be implemented in AWS or Azure. I am sure there's always a better way of doing it, but this is how I have approached it.   Firstly, let's set some functional specification for our "sample app": The app will take request from the user (there's no restriction on how many users can request the app in a given second.) via browser....
Post a Comment
Read more

CastleWindsor issue with MVC Area

I have been stuck with this issue and couldn't take it out of my head. Hence, ended up putting in some heavy hours solving it. But hopefully it is worth it. THE CONTEXT: I am implementing a MVC solution for an existing Sitecore 8.0 implementation which uses Castle Windsor for it's dependency resolver. Let's say a a tiny microsite. I had to implement a SPEAK app as per one of the requirements. Below are the 2 most important things behind why I ran into this issue in the first place: I needed to call a WebApi from my SPEAK app. 2. I decided to take MVC Area approach for my "tiny microsite" on a completely different sets of dlls For example the dlls for my "tiny microsite" are MyTinyApp.Web.dll, MyTinyApp.Business.dll whereas the main website's dlls are BigWebsite.Web.dll, BigWebsite.Business.dll etc.  WHY MVC AREA: The reason I took the MVC Area approach was to completely separate my "tiny microsite" so that I don't ...
Post a Comment
Read more

Openshift-Powered Homelab | Why, What, How

I wanted to build a Homelab for some time but it was taking a backseat as I always had access to cloud environments (eg: cloud accounts, VMware DC etc) and the use cases I was focusing on didn't really warrant for one. But lately, some new developments and opportunities in the industry triggered the need to explore use cases in a bare-metal server environment, ultimately leading to the built of my own homelab, called MetalSNO. In this post, I will discuss some of my key reasons for building a homelab, the goals I set for it, and the process I followed to building one from scratch. I'll conclude with some reflections on whether it was truly worth it and what I plan to do with it going forward. Compelling reasons (The Why ) My uses cases for a homelab weren't about hosting plex server, home automation etc (I have them on Raspberry PIs for some years now). My Homelab is really about exploring technologies and concepts that are on par with industry trend. Below are some of the ...
Post a Comment
Read more

Passwordless Auth to Azure Key Vault using External Secret and Workload Identity

I want to fetch my secrets from Azure KV and I don't want to use any password for it. Let's see how this can be implemented. This is yet another blog post (YABP) about ESO and Azure Workload Identity. Why Passwordless Auth: It is a common practice to use some sort of "master password" (spn clienid, clientsecret etc) to access Secret Vaults (in this case it is AZ KV) but that master password becomes a headache to manage (rotate, prevent leak etc). So, the passwordless auth to AKV is ideal.  Why ESO: This is discussed and addressed in the conclusion section. Workload Identity (Passwordless Auth): Lets make a backward start (just for a change). I will try to explain how the passwordless auth will work. This will make more sense when you will read through the detailed implementation section. Here's a sequence diagram to explain it: There's no magic here. This is a well documented process by microsoft  here . The below diagram (directly copied from the official doc...
Post a Comment
Read more