Abstract: In one implementation, a client device receives a request from a user to output a representation for a credential of the user. In response to receiving the request from the user to output the representation for the credential of the user, the client device obtains data identifying a third-party having authority to grant the user access to the credential of the user. The client device then obtains a representation of a credential associated with the third-party and validates the representation of the credential associated with the third-party. In response to validating the representation of the credential associated with the third-party, the client device outputs the representation for the credential of the user.

Abstract: Location information of a client device associated with a credential is determined to be tracked. The credential has been granted to a user of the client device by a credential granting authority to indicate a status of the user with the credential. Known location data that indicates known locations is maintained. The credential data is associated with each of the known locations, and geographic data for each of the known locations. A location of the client device associated with the credential and a particular time associated with the location is determined. A subset of the known location data that defines one or more locations that are known for the credential is accessed from the known location data. The location of the client device associated with the credential is compared with geographic data included in the accessed subset of the known location data.

Abstract: A server system maintains data indicative of credentials held by multiple different users. Each of the credentials has been issued by a credential granting authority that is separate from an entity that operates the server system. The server system receives selection data that indicates how credential data of a first user is to be made available to other users. Based on the selection data, the server system stores availability data that indicates how credential data of the first user is to be made available to the other users. The server system also maintains a location of a mobile computing device associated with the first user and, based on the availability data and the location, provides, to at least a second user, information about at least one credential held by the first user in association with an indication of the location.

Abstract: Method, systems, and computer-readable media for receiving, from an application instance operating on a client device, information that indicates a client device identifier, a wireless proximity beacon identifier, and a proximity of the identified client device to the identified wireless proximity beacon. From the received information, a determination is made whether the proximity of the identified client device to the identified wireless proximity beacon satisfies a threshold proximity. Based at least on the determination, an action is determined that the application instance operating on the identified client device is permitted to perform while the proximity of the identified client device to the identified wireless proximity beacon satisfies the threshold proximity. Information is transmitted to the identified client device that enables the application instance operating on the identified client device to perform the action.

Abstract: A request is received by a member of a credential granting authority to issue an electronic visitor credential to a visitor of the credential granting authority, the electronic visitor credential enabling access to resources of the credential granting authority. It is determined that the member of the credential granting authority is authorized to issue the credential to the visitor. Based on the determination that the member of the credential granting authority is authorized to issue the credential to the visitor, the electronic visitor credential is issued with at least one timing restriction that defines a time period during which the electronic visitor credential is valid and at least one usage restriction that limits resources of the credential granting authority to which the electronic visitor credential enables access It is determined to withdraw the electronic visitor credential. Based on determining to withdraw the electronic visitor credential, the credential is withdrawn.

Abstract: Obtaining and/or validating user credentials at client devices is described. A phrase may be generated based on one or more index values determined according to a function of time and a credential identifier identifying a user credential. The phrase may be output by the client device for validating the user credential.

Abstract: Systems and methods are disclosed for distributing an in-memory data store over a plurality of independent data partitions. For example, the method includes associating each of the plurality of independent data partitions with at least one of a plurality of processing units such that one or more data sets in a corresponding each of the plurality of independent data partitions are processed by the at least one of the plurality of processing units. A query execution engine is provided for causing the plurality of processing units to execute, in parallel, a series of queries to the plurality of independent data partitions.

Abstract: A method and system for management access tokens is described. Access tokens for accessing third-party resources are stored and managed in a token repository. An access token may be obtained from a third-party resource. Once a user has authorized the system to access a third-party resource and unless that authorization is revoked, the user is not required to reauthorize the system in a pending or any subsequent interactive session, regardless of which shard of the system and third-party resource the user is connected to. The system can also use the authorization to execute scheduled requests for accessing or obtaining data from the third-party resource.

Abstract: The subject matter described herein can be embodied in a computer-readable medium storing instructions that cause one or more processors to perform operations including receiving, from a client device associated with a user account of a first user, a request to grant a second user access to a key associated with a credential. The credential is associated with the user account of the first user, the request includes an address of the second user, and the key permits access to a resource. The operations include accessing, at a server, a second user account based on the address of the second user, and associating, by the server, the key with the second user account, such that the second user is enabled to access the resource. The operations further include communicating, to the address of the second user, a message indicating that the second user account has been associated with the key.

Abstract: The disclosure of the present document can be embodied in a non-transitory computer-readable medium storing instructions that cause one or more processors to perform various operations, including, receiving, from a first client device associated with a user account of a first user, a request for sharing a document. The document is associated with a credential of the first user, and the credential is associated with the user account of the first user. The operations include transmitting, in response to the request, a code associated with the document, and receiving, from a second client device, a request to access the document. The request to access the document includes the code associated with the document. The operations include determining, based on the request to access the document, that the second client device is authorized to access the document, and communicating, to the second client device, a message including information about the document.

Abstract: Users of a social networking platform may provide electronic keys to other users of the social networking platform. Use of an electronic key may be subject to one or more conditions specified by the issuer of the electronic key. Data may be provided that enables the recipient to use the electronic key in accordance with the one or more conditions on use of the electronic key.

Abstract: In one implementation, a credential associated with a user identifier and a location is stored at a client device. A request to output a representation of the credential in a manner that enables a credential authority to validate the representation is received. Responsive to receiving the request to render the representation of the credential, a location of the client device is obtained and a determination that the location of the client device is within a predefined distance of the location associated with the credential is made. Responsive to determining that the location of the client device is within the predefined distance of the location associated with the credential, data indicating that the user has entered the location associated with the credential is stored in a memory of the client device.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for site codes for website authentication are disclosed. In one aspect, a method includes receiving, a request to start a new authenticated session of the web page on the client device. The method includes generating an optical machine-readable code and a security image. The method includes transmitting (i) the security image, (ii) the optical machine-readable code, and (iii) instructions for the server to provide the security image and the optical machine-readable code for simultaneous display. The method includes receiving extracted data that the mobile device extracted from the optical machine-readable code in response to the mobile device optically detecting the optical machine-readable code using a camera of the mobile device. The method includes verifying an identity of the user based on a comparison of the extracted data and data corresponding to the optical machine-readable code.

Abstract: Database report subscription technology, in which subscriptions are delivered to multiple, different recipients on a customized basis. In response to detection of an event that triggers generation and delivery of a database report, customized versions of the report are generated for the multiple, different recipients based on a definition of the data used to generate the report included in the subscription, report parameters that define presentation aspects of the report included in the subscription, and profile data associated with at least one of the multiple, different recipients. The customized versions of the report include at least a first version of the report and a second version of the report that differs from the first version of the report and the customized versions of the report are delivered to the multiple, different recipients.

Abstract: In one implementation, a query is received that is related to data stored in a database that is implemented in computer memory. Based on the received query, attributes of data stored in the database that are relevant to generating a response to the received query are identified. Information that is indicative of attributes for which values are recorded in different tables included in the database is accessed. Based on having accessed this information, tables included in the database that record values for the attributes identified as being relevant to generating a response to the received query are identified. These tables then are joined to create, within computer memory, a new table that reflects relationships between values of attributes identified as being relevant to generating a response to the received query.

Abstract: Obtaining and/or validating user credentials at client devices is described. This disclosure describes methods of generating representations of credentials for groups of users or for individuals. Representations for these credentials can be managed by a server or collection of servers, and distributed to appropriate users' client devices. These representations can then be outputted for evaluation by a credential authority, who confirms that the credential possessed by a given user is valid. A credential authority may be a person and/or a device that validates a credential.

Abstract: Method, systems, and computer-readable media for receiving, from an application instance operating on a client device, education information that indicates a client device identifier, a wireless proximity beacon identifier, and a proximity of the identified client device to the identified wireless proximity beacon. From the received education information, a determination is made whether the proximity of the identified client device to the identified wireless proximity beacon satisfies a threshold proximity. Based at least on the determination, an action is determined that the application instance operating on the identified client device is permitted to perform while the proximity of the identified client device to the identified wireless proximity beacon satisfies the threshold proximity. Education information is transmitted to the identified client device that enables the application instance operating on the identified client device to perform the action.

Abstract: Obtaining and/or validating user credentials at client devices is described.

Abstract: A user of a mobile device is authenticated in a manner that enables the user access to a credential that has been issued by a credential-issuing organization. One or more keys are identified that are associated with the credential and that enable access to one or more physical resources associated with the credential-issuing organization. A physical orientation of the user's mobile device is determined. A display arrangement of one or more control icons that enable usage of the one or more keys is determined based on a physical orientation of the one or more physical resources relative to the determined physical orientation of the mobile device. The one or more control icons are displayed in accordance with the determined display arrangement.

Abstract: In one implementation, a server system receives, from a device of a user, a request to add a credential issued by an organization and authentication information that has been authorized, independently of the server system, by the organization that issued the credential. The server system identifies the organization related to the request to add the credential and identifies communication information established for the organization. The server system provides, using the communication information and to a system operated by the organization, the authentication information and receives, using the communication information and from the system operated by the organization, credential information for the user. The server system adds one or more credentials to an account of the user based on the received credential information.