Abstract: Systems, methods, and apparatus, including computer-readable storage media storing executable instructions, for enhanced authentication security. In some implementations, an authentication request associated with a first communication session is received. A second communication session having parameter values derived from parameter values for the first communication session. An authorization code corresponding to the second communication session is generated. The first communication session as closed. The authentication code is provided to the device in response to the authentication request.

Abstract: Obtaining and/or validating time-varying representations for user credentials at client devices is described.

Abstract: Systems, methods, and apparatus, including computer-readable storage media storing executable instructions, for enhanced authentication security. In some implementations, an authentication request associated with a first communication session is received. A second communication session having parameter values derived from parameter values for the first communication session. An authorization code corresponding to the second communication session is generated. The first communication session as closed. The authentication code is provided to the device in response to the authentication request.

Abstract: Systems, methods, and apparatus, including computer-readable storage media storing executable instructions, for enhanced authentication security. In some implementations, an authentication request associated with a first communication session is received. A second communication session having parameter values derived from parameter values for the first communication session. An authorization code corresponding to the second communication session is generated. The first communication session as closed. The authentication code is provided to the device in response to the authentication request.

Abstract: In one implementation, a server system receives, from a device of a user, a request to add a credential issued by an organization and authentication information that has been authorized, independently of the server system, by the organization that issued the credential. The server system identifies the organization related to the request to add the credential and identifies communication information established for the organization. The server system provides, using the communication information and to a system operated by the organization, the authentication information and receives, using the communication information and from the system operated by the organization, credential information for the user. The server system adds one or more credentials to an account of the user based on the received credential information.

Abstract: A method comprising: storing, at a server, an electronic resource that has been electronically signed by a user; associating the electronic resource with an identifier; receiving, at the server and from a client device, a request to identify the user who electronically signed the electronic resource, the request including a reference to the identifier; responsive to receiving the request to identify the user who electronically signed the electronic resource, identifying, based on the reference to the identifier, the electronic resource stored at the server; responsive to identifying the electronic resource stored at the server, identifying the user who electronically signed the identified electronic resource; and transmitting, from the server to the client device, an indication of an identity of the user who electronically signed the electronic resource.

Abstract: Obtaining and/or validating time-varying representations for user credentials at client devices is described.

Abstract: In one implementation, a server system receives, from a device of a user, a request to validate a credential of a second user. The server system identifies the credential of the second user to validate based on the request received from the device of the first user. The server system confirms that the credential of the second user corresponds to a credential issued to the second user by a credential issuing organization. The server system accesses the credential information for the credential of the second user and validates the credential of the second user to the first user.

Abstract: A method performed by one or more processing devices, comprising: receiving a request for a quick response code associated with the hosted resource; generating a reference code that references information included in the request; and encoding the reference code into the requested quick response code; transmitting information indicative of the quick response code to the system hosting the resource; receiving a request for access to a resource, the request for access comprising a decoded version of the quick response code; determining that access is requested for the hosted resource; determining that a user who is requesting access to the hosted resource is permitted to access the hosted resource; responsive to determining that the user is permitted to access the hosted resource, transmitting a token for permitting the user to access the hosted resource; and transmitting a message specifying that the user is granted access to the hosted resource.

Abstract: In one implementation, a client device obtains data associated with a credential. The client device then obtains a first version of a representation for the credential and a second version of the representation for the credential, the first version being configured for validation by a validation entity via concurrent network communication, and the second version being configured for validation by a validation entity without concurrent network communication, wherein the second version of the credential comprises a digital signature derived from a private key of a credential grantor and a portion of the data associated with the credential. The client device receives a request to output a representation for the credential. Then the client device outputs the second version of the representation for the credential in a manner that enables a validation entity to validate the credential by accessing a public key of the credential grantor to authenticate the digital signature.

Abstract: In one implementation, a server system receives, from a device of a user, a request to add a credential issued by an organization and authentication information that has been authorized, independently of the server system, by the organization that issued the credential. The server system identifies the organization related to the request to add the credential and identifies communication information established for the organization. The server system provides, using the communication information and to a system operated by the organization, the authentication information and receives, using the communication information and from the system operated by the organization, credential information for the user. The server system adds one or more credentials to an account of the user based on the received credential information.

Abstract: A server receives a request from a first client device for a file access code. The server generates the file access code, including associating a validity time period with the file access code. The server associates the file access code with a user account at the server and transmits a response to the first client device including the file access code. The server receives, from the first client device, information corresponding to an electronic file. Based on determining that the validity time period for the file access code has not elapsed, the server generates an association between the electronic file and the file access code. The server receives, from a second client device, the file access code. Based on determining that the validity time period of the file access code has not elapsed, the server identifies the electronic file and enables the second client device to access the electronic file.

Abstract: A method performed by one or more processing devices, comprising: receiving information corresponding to an electronic resource of a first user; generating a resource identifier for the electronic resource of the first user; receiving a request for access to an electronic resource that is shared with a second user of the second client device; identifying, based on the first information, that the electronic resource of the first user is the electronic resource for which the second user is requesting access; determining, in response to the request, second information that is based on the received first information; determining a correspondence between the first information and the second information; determining that the second user of the second client device is authorized to access the electronic resource of the first user; and enabling the second client device to access the electronic resource of the first user.

Abstract: A method performed by one or more processing devices, comprising: receiving a request for a quick response code associated with the hosted resource; generating a reference code that references information included in the request; and encoding the reference code into the requested quick response code; transmitting information indicative of the quick response code to the system hosting the resource; receiving a request for access to a resource, the request for access comprising a decoded version of the quick response code; determining that access is requested for the hosted resource; determining that a user who is requesting access to the hosted resource is permitted to access the hosted resource; responsive to determining that the user is permitted to access the hosted resource, transmitting a token for permitting the user to access the hosted resource; and transmitting a message specifying that the user is granted access to the hosted resource.