Design an On-Device Face Recognition System for Mobile Access Control

Context

You are designing a face-based access control system for mobile devices with 50M monthly active users. Devices often operate with intermittent connectivity, so the system must work fully offline and sync/update when online. The product must meet strong privacy and security requirements typical for consumer finance and protect against spoofing.

Requirements

1. Choose between verification (1:1) and identification (1:N) and justify the choice.
2. Specify:
   • Model family and embedding dimension.
   • Training objective (e.g., ArcFace vs. triplet loss).
   • Data scale and augmentations.
   • Evaluation protocol (ROC/DET) and target thresholds (e.g., FAR ≤ 0.001 at TPR ≥ 0.98).
3. Address robustness:
   • Liveness/anti-spoofing (2D/3D/IR), replay attacks.
   • Occlusions (masks, glasses), low light, motion blur.
   • Demographic fairness and threshold calibration across cohorts.
4. Privacy and security:
   • On-device storage, template protection, differential privacy, opt-out.
   • Secure model updates, integrity, and abuse prevention.
5. Performance constraints for mid-tier devices:
   • p95 latency < 150 ms per unlock.
   • Memory footprint < 50 MB total.
   • Battery impact minimal.
6. On-device vs. server inference and offline fallback behavior.
7. Monitoring for data drift and periodic re-enrollment.
8. Safe A/B testing plan (shadow mode, guardrails).