Our last blog reviewed what the “Platform as a Service” (or “PaaS”) part of the Cloud is. It is essentially the second layer, which contains of both hardware and software components for your IT Infrastructure. In this blog, we look at third and final component of the Cloud, which is known as the “Software as a Service”, or “SaaS”.
This is in fact the most heavily used part of the Cloud, as many software applications can be rented or purchased on demand, at an affordable and fixed monthly pricing. Also, we will examine how Biometrics can protect the SaaS layer.
A specific definition of the SaaS is as follows:
“The (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring, and office tools (such as Microsoft Office 365).”
Typically, the SaaS platform will reside in the same part of the PaaS server where that has its own set of software applications (as just described).
How Can Biometrics Be Used to Protect the SaaS?
Since at this point, we are now discussing securing software applications, Physical Access Entry is no longer the issue, it is now how to secure the Logical Access Entry side of this equation. In this scenario, there are four assumptions that are made:
- The PaaS Server (which also contains the SaaS Platform) will have a separate “Authentication Server” which will store the Enrollment Biometric Templates of the subscriber’s whom have purchased SaaS based applications;
- Fingerprint Recognition will be the predominant Biometric Technology to be used in this regard;
- A Web Browser will be used to access the SaaS applications;
- The use of APIs is also made in the authentication process.
The end user submits their fingerprint via a Fingerprint Recognition Device connected to their computer via a USB connection. From here, the raw image is compiled, the unique features are extracted, and the Biometric Template (which is a mathematical file) is created. This then becomes what is known as the “Model File”.
The “Model File” is then sent from the Fingerprint Recognition application (which actually resides in the device itself) to the API Service using what is known as a “REST Call”.
The “REST Call” then connects to the Authentication Server; it sends it the “Model File”, and also requests for the authentication process of the end user to begin.
The Authentication Server then confirms the Enrollment Template it has of the end user with the information that is presented in the “Model File”.
If the authentication proves to be successful in Step #4, the Authentication Server then ends over an API based username/password combination.
Now having the username/password combination that was established in Step #5, the API now sets up a new session on the web interface for the end user to access the SaaS application that he or she needs access to.
The API then creates and sends over the Session ID to the end user’s computer.
The end user can now download this specific SaaS based application onto their own computer and access via a Graphical User Interface (GUI) through the web browser of their choice.
The SaaS Platform can further manage this connection and service that is being provided through the Session ID that was created in Step #7.
This concludes our series on how Biometrics can be used in the Cloud.