Back to projects

Hardware Integration

Paycom Face Forward™ Timeclock

Led end-to-end software launch of Paycom's next-generation hardware timeclock, unifying hardware-to-software architecture across the full stack with C++, SWIG, and AIDL bindings for facial recognition, fingerprint, and RFID authentication at enterprise scale.

Year 2022
Role Lead Software Developer
Status Production - 25,000+ devices
Android AOSP C / C++ Kotlin SWIG NFC RFID Facial Recognition Biometrics SQLite 25k+ Devices
Product Page

Overview

The Paycom Face Forward™ Timeclock is Paycom's next-generation enterprise hardware timeclock, designed for touchless, high-speed employee authentication at scale. I led the software launch end-to-end - from architecture definition through production deployment across a fleet of 25,000+ devices.

The Challenge

Paycom needed a new timeclock platform that could handle:

  • Multi-modal authentication - facial recognition, fingerprint scanning, and RFID card reads, all sharing a unified Android application layer
  • Enterprise-scale data sync - reliable two-way sync of punch records across a massive device fleet, with zero tolerance for data loss
  • Offline-first operation - devices must continue functioning when network connectivity is unavailable, flushing cached data once reconnected
  • Hardware abstraction - clean separation between the Android app layer and the native C++ SDKs provided by hardware vendors
  • Biometric Privacy - facial geometry data is a protected biometric identifier under BIPA and similar state statutes, requiring encrypted at-rest storage, strict consent gating, and automated retention and deletion workflows.

Architecture

The core challenge was bridging Android (Kotlin/Java) and the native hardware SDKs (C++). Different peripherals required different integration strategies depending on how deeply they needed to interface with the Android platform.

I designed and implemented a SWIG binding layer that exposed some of the C++ facial recognition APIs to the Android application as idiomatic Kotlin interfaces, handling threading, error propagation, and lifecycle correctly across the JNI boundary.

Some of these peripherals integrate at a lower level through Android Hardware Abstraction Layers (HALs), exposed to the application via AIDL-defined interfaces over Binder IPC. The application communicates with these peripherals through the HAL interface rather than directly with the hardware SDK, which provides better isolation, allows the platform to manage peripheral lifecycle independently of the app, and aligns with AOSP's security model for privileged hardware access.

+--------------------------------------------------------------+
|                 Android System Application                   |
|                (Kotlin - UI, business logic)                 |
+--------------------------------------------------------------+
|                Unified Authentication Interface              |
+--------------------------------------------------------------+
|                  |     Custom SDK Packge (Kotlin / JNI)      |
|    SWIG / JNI    +-------------------------------------------+
|                  |            AIDL / Binder IPC              |
+------------------+------------------+------------------------+
| Face Recognition |  NFC / RFID HAL  |     Fingerprint HAL    |
|    SDK (C++)     |    (C / C++)     |        (C / C++)       |
+------------------+------------------+------------------------+
|                     Linux Kernel Drivers                     |
+------------------+------------------+------------------------+

Data Sync Engine

The most technically demanding component was the SQLite-backed sync engine. Punch records must be:

  1. Written locally the moment they occur (offline-first)
  2. Queued for transmission to the Paycom backend
  3. Reconciled against the server response to ensure no duplicates or missed records
  4. Pruned from local storage once safely confirmed server-side

I implemented this using Android's background threading primitives, with a state machine per punch record tracking its progression through the sync lifecycle. The engine processes over 15 million records monthly with 100% confidence and integrity.

Biometric Privacy & BIPA Compliance

Some Face Forward Timeclocks capture biometric data. Many states have begun imposing laws that require consent and usages of biometric data to be made clear. These laws imposed concrete obligations and directions we took that shaped several architecture decisions.

Encrypted storage. Facial templates are stored in an encrypted partition using the Android Keystore, ensuring data at rest is protected by hardware-backed keys and isolated from the general application data layer.

Consent gating. No biometric data is captured until the employee completes the consent step on the device. Enrollment cannot be triggered remotely or by an administrator; it requires an active interaction from the employee themselves.

Retention and deletion. The sync engine exposes a deletion endpoint the Paycom backend calls on employee termination, purging the facial template from the device automatically and supporting BIPA's destruction schedule requirement without manual intervention.

Milestones After Launch

  • Launched on schedule to a fleet of 25,000+ devices
  • Sustained 99.9% uptime in production since launch
  • Authentication latency under 1 second for all modalities (face, fingerprint, RFID)
  • Zero data-loss incidents in the sync engine since deployment