Authentication and authorization with remotely managed user directories
US-10880312-B1 · Dec 29, 2020 · US
US11418608B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11418608-B2 |
| Application number | US-202117386391-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 27, 2021 |
| Priority date | Mar 31, 2020 |
| Publication date | Aug 16, 2022 |
| Grant date | Aug 16, 2022 |
Official abstract text for this publication.
Systems and methods for providing application services to a customer are provided. Customer-managed computing resources on a customer network may facilitate the provision of application services to a client device coupled to the customer network. Application instances providing the application services may execute either on the customer-managed computing resources or on computing resources managed by the service provider. Application services may be rendered to the customer while sensitive customer data maintains residency on storage resources on the customer network. Application instances may receive requests for services from the customer, and generate corresponding requests for particular data of the sensitive customer data. These requests may be conveyed to the endpoints on the customer network capable of fulfilling the requests. Customer-managed computing resources and service provider-managed computing resources may be respective first and second subsets of a pool of shared computing resources, implemented as virtual private clouds (VPCs) accessible over respective private networks.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method of managing customer data, the computer-implemented method comprising: receiving, at a service provider application instance of a service provider, a first request from a client application of a client device, the client application accessing the service provider application instance using a service provider network interface operated by the service provider, the service provider application instance being an instance of an issue tracking system configured to track issues created in response to requests generated by a set of client devices, each client device of the set of client devices operating a client application instance; processing the first request by the service provider application instance by: in accordance with the first request requiring the customer data, sending a second request, by the service provider application instance, to a customer-managed endpoint configured to provide access to a customer network operated by a customer; and in accordance with a verification of the second request by the customer-managed endpoint, obtain the customer data from customer computing resources of the customer network, at least a portion of issue data associated with the issues tracked by the issue tracking system is stored as the customer data on the customer computing resources; and providing the customer data to the client application of the client device.
2. The computer-implemented method of claim 1, wherein: the verification of the second request is performed by the customer-managed endpoint by: consulting an access control list maintained on the customer computing resources; and in accordance with the service provider application instance having sufficient permissions to access the customer data, granting access to the customer data.
3. The computer-implemented method of claim 1, wherein the verification of the second request by the customer-managed endpoint includes a verification of a customer-issued access credential.
4. The computer-implemented method of claim 3, wherein in accordance with the customer-issued access credential being revoked by the customer, access to the customer network via the customer-managed endpoint is refused.
5. The computer-implemented method of claim 1, wherein the customer data is communicated to the service provider application instance via a secured channel established between the customer computing resources and the service provider application instance.
6. The computer-implemented method of claim 1, wherein the service provider application instance is operated on service provider computing resources that are distinct from the customer computing resources.
7. The computer-implemented method of claim 1, wherein the client application is operated via a web browser executing on the client device.
8. The computer-implemented method of claim 1, wherein the service provider application instance is a single-tenanted application instance that only services requests from a single customer.
9. A computer-implemented method of managing customer data, the computer-implemented method comprising: receiving, at a service provider application instance, a first request generated in response to an action performed on a client application of a client device, the first request received by the service provider application instance via a service provider network interface operated by a service provider, the service provider application instance being an instance of an issue tracking system configured to track issues created in response to requests generated by a set of client devices, each client device of the set of client devices operating a client application instance; processing the first request by the service provider application instance by: in accordance with the first request comprising a request for the customer data, sending a second request, by the service provider application instance, to a customer network operated by a customer; and in accordance with a verification of the second request by a customer-managed endpoint of the customer network, obtaining the customer data from customer computing resources of the customer network, at least a portion of issue data associated with the issues tracked by the issue tracking system is stored as the customer data on the customer computing resources; and completing the processing of the first request, by the service provider application instance, based on the customer data.
10. The computer-implemented method of claim 9, wherein the at least the portion of the issue data stored as the customer data on the customer computing resources is not replicated within the issue tracking system.
11. The computer-implemented method of claim 9, wherein: the verification of the second request is performed by the customer-managed endpoint by: consulting an access control list maintained on the customer computing resources; and in accordance with the service provider application instance having sufficient permissions to access the customer data, granting access to the customer data.
12. The computer-implemented method of claim 9, wherein the verification of the second request by the customer-managed endpoint includes a verification of a customer-issued access credential.
13. The computer-implemented method of claim 9, further comprising: monitoring a flow of information between the service provider application instance and other entities on the customer network; and based on the monitoring of the flow of the information, regulating access privileges granted to the service provider application instance.
14. The computer-implemented method of claim 9, wherein: the customer data is encrypted customer data; and completing processing of the first request includes decrypting the encrypted customer data.
15. A computer-implemented method of managing customer data, the computer-implemented method comprising: receiving, at a service provider application instance executing on first computing resources within a service provider network, a first request from a client device, the service provider application instance being an instance of an issue tracking system configured to track issues created in response to requests generated by at least the client device operating a client application instance; processing the first request, by the service provider application instance, by: sending, by the service provider application instance, a second request for the customer data, via the service provider network, by routing the second request from the service provider application instance to second computing resources within a customer network, the customer data residing on the second computing resources within the customer network, the customer network separate from the service provider network, at least a portion of issue data associated with the issues tracked by the issue tracking system is stored as the customer data on the second computing resources; and receiving the customer data, via the customer network, at the service provider application instance; and completing the processing of the first request, by the service provider application instance, based on the customer data.
16. The computer-implemented method of claim 15, wherein: sending the second request for the customer data to the second computing resources within the customer network includes sending the second request to an endpoint within the customer network; and the endpoint within the customer network is configured to grant access to the customer data in accordance with the service provider appl
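The request flow of claims 1 to 4 and 10, written out as an added Python example. This is not the patent's own code: the class names, the request fields and the status strings are hypothetical, and the issue records, access control list and provider token are constructed sample data. The customer-managed endpoint holds the issue data, verifies the customer-issued credential (refusing a revoked one), consults its ACL and only then releases the record; the single-tenanted provider instance keeps the credential but never a copy of the data.

```python
import hashlib
import hmac

# Constructed sample issue data. In the claimed arrangement it resides only on
# customer computing resources and is not replicated by the provider (claim 10).
CUSTOMER_ISSUES = {
    "PROJ-1": {"summary": "Login page returns 500", "project": "PROJ"},
    "PROJ-2": {"summary": "Rotate signing key", "project": "PROJ"},
    "HR-7": {"summary": "Payroll export fails", "project": "HR"},
}

# Constructed ACL maintained on the customer network: credential id -> projects it may read.
CUSTOMER_ACL = {"sp-instance-1": {"PROJ"}}


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


class CustomerEndpoint:
    """Hypothetical customer-managed endpoint (claims 2-4): verify the credential,
    consult the ACL, then grant or refuse access to the requested issue."""

    def __init__(self, issues, acl, credentials):
        self.issues = issues
        self.acl = acl
        # Keep only digests of the customer-issued tokens, never the tokens themselves.
        self.cred_digests = {cid: _digest(tok) for cid, tok in credentials.items()}
        self.revoked = set()

    def revoke(self, cred_id):
        # Claim 4: once the customer revokes a credential, access is refused.
        self.revoked.add(cred_id)

    def verify(self, cred_id, token):
        if cred_id in self.revoked or cred_id not in self.cred_digests:
            return False
        return hmac.compare_digest(self.cred_digests[cred_id], _digest(token))

    def handle(self, second_request):
        cred_id = second_request["cred_id"]
        if not self.verify(cred_id, second_request["token"]):
            return {"status": "refused"}  # unknown or revoked credential
        issue = self.issues.get(second_request["issue_key"])
        if issue is None:
            return {"status": "not_found"}
        if issue["project"] not in self.acl.get(cred_id, set()):
            return {"status": "denied"}  # ACL grants no permission for this project
        return {"status": "ok", "data": issue}


class ServiceProviderInstance:
    """Hypothetical single-tenanted issue-tracking instance on provider resources.
    It holds a customer-issued credential but no copy of the issue data."""

    def __init__(self, endpoint, cred_id, token):
        self.endpoint = endpoint  # stands in for the secured channel of claim 5
        self.cred_id, self.token = cred_id, token

    def handle_client_request(self, first_request):
        if first_request.get("action") != "view_issue":
            return {"status": "unsupported"}
        # The first request needs customer data, so send the second request to the endpoint.
        second_request = {
            "cred_id": self.cred_id,
            "token": self.token,
            "issue_key": first_request["issue_key"],
        }
        reply = self.endpoint.handle(second_request)
        if reply["status"] != "ok":
            return {"status": reply["status"]}
        # Complete processing of the first request from the returned data.
        return {"status": "ok", "issue_key": first_request["issue_key"],
                "summary": reply["data"]["summary"]}


def demo():
    endpoint = CustomerEndpoint(CUSTOMER_ISSUES, CUSTOMER_ACL,
                                {"sp-instance-1": "constructed-token"})
    app = ServiceProviderInstance(endpoint, "sp-instance-1", "constructed-token")
    results = [
        app.handle_client_request({"action": "view_issue", "issue_key": "PROJ-1"})["status"],
        app.handle_client_request({"action": "view_issue", "issue_key": "HR-7"})["status"],
        app.handle_client_request({"action": "view_issue", "issue_key": "PROJ-9"})["status"],
    ]
    endpoint.revoke("sp-instance-1")
    results.append(app.handle_client_request({"action": "view_issue", "issue_key": "PROJ-1"})["status"])
    return results


if __name__ == "__main__":
    print(demo())
```

The ordering inside `handle` matters for the defender: the credential is checked before the issue key is even looked up, so a revoked or forged credential learns nothing about which keys exist, and the ACL decision is made on the customer side with data that never leaves the customer network.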
| Tag | Type |
|---|---|
| Access control lists [ACL] | CPC title |
| wherein the data content is protected, e.g. by encrypting or encapsulating the payload | CPC title |
| Virtual private networks | CPC title |
| Entity profiles | CPC title |
| Electricity | mapped topic |