CPC H04L 63/0853 (2013.01) [H04L 63/0272 (2013.01); H04L 63/029 (2013.01); H04L 63/10 (2013.01)]
18 Claims

1. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for securely establishing secretless and remote native access sessions, the operations comprising:
identifying a request by a client to participate in a remote native access session with a target resource, the target resource requiring a credential for secure access by the client, wherein the client has a remote access protocol file including information for establishing a secure tunnel connection using a native remote access client without using the credential, wherein the remote access protocol file includes:
an identifier associated with the client, the identifier being distinct from the credential; and
at least one of a field or a designated space for the credential, the field or the designated space being blank or including default text other than the credential;
intercepting the request prior to the request reaching the target resource;
sending a prompt to the client to establish the secure tunnel connection with a connection agent using the identifier associated with the client, the identifier being accessed from the remote access protocol file, wherein the secure tunnel connection is established without using the credential;
authenticating the client, wherein authenticating the client includes transmitting a notification to a mobile device associated with the user;
receiving from the client, via the secure tunnel connection, an additional request to access the target resource, wherein the additional request includes a token identifying the target resource from among one or more target resources;
obtaining the credential based on the token and an account selected by a user; and
initiating the remote native access session between the client and the target resource, wherein initiating the remote native access session includes:
modifying the intercepted request to include the credential; and
submitting the modified request on behalf of the client.
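
The flow recited in claim 1, sketched as an added example that is not code from the patent or its assignee: a connection agent reads the identifier from a protocol file whose credential field is blank, authenticates the client, resolves the token to a target, and injects a vaulted credential into the intercepted request. The `key:type:value` file layout, the `<none>` default text, the in-memory vault, and all names and values are assumptions made for illustration; `mfa_approved` stands in for the mobile-device notification.

```python
# Constructed sample data: every name, field and value below is hypothetical.
PROTOCOL_FILE = """\
full address:s:agent.example.internal
username:s:client-7f3a
password:s:
"""
TARGETS = {"tok-db01": "db01.example.internal"}           # token -> target resource
VAULT = {("tok-db01", "svc_admin"): "S3cr3t-from-vault"}  # (token, account) -> credential


def parse_protocol_file(text):
    """Parse 'key:type:value' lines (assumed layout) into a dict of values."""
    fields = {}
    for line in text.splitlines():
        if line.strip():
            key, _type, value = line.split(":", 2)
            fields[key] = value
    return fields


def client_identifier(fields):
    """Return the client identifier; reject a file that carries a credential."""
    if fields.get("password", "") not in ("", "<none>"):
        raise ValueError("protocol file must not contain a credential")
    return fields["username"]


def broker_session(protocol_text, intercepted, token, account, mfa_approved):
    """Agent side: authenticate, resolve the token, inject the credential."""
    identifier = client_identifier(parse_protocol_file(protocol_text))
    if not mfa_approved(identifier):
        raise PermissionError("client not authenticated")
    if token not in TARGETS:
        raise LookupError("token does not identify a known target")
    credential = VAULT.get((token, account))
    if credential is None:
        raise LookupError("no credential for this token and account")
    # Modify a copy of the intercepted request; the client never holds the
    # credential, and the agent submits the modified request on its behalf.
    return dict(intercepted, target=TARGETS[token], account=account,
                credential=credential)


if __name__ == "__main__":
    request = {"client": "client-7f3a", "credential": ""}
    print(broker_session(PROTOCOL_FILE, request, "tok-db01", "svc_admin",
                         lambda ident: ident == "client-7f3a"))
```
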