Abstract: A method of implementing a network-enabled secure door lock, comprising obtaining measurements of an environment associated with a door from a variety of sensor types; generating, based at least in part on the measurements, a set of inputs to a machine-learning model; inputting the set of inputs into the machine learning model to determine a status of the door; generating a message that indicates the status of the door; and transmitting the message to a user device.

Abstract: Disclosed are various embodiments for an authentication service. A unique identifier is associated with a device access token for a client to be authenticated. An authentication identifier is sent to an authenticated client. The client to be authenticated communicates the authentication identifier and unique identifier to the authentication service to complete authentication.

Abstract: Disclosed are various embodiments for an authentication service. A unique identifier is associated with a device access token for a client to be authenticated. An authentication identifier is sent to an authenticated client. The client to be authenticated communicates the authentication identifier and unique identifier to the authentication service to complete authentication.

Abstract: Disclosed are various embodiments for detecting replay attacks in voice-based authentication systems. In one embodiment, audio is captured via an audio input device. It is then verified that the audio includes a voice authentication factor spoken by a user. If it is determined that the audio includes unexpected environmental audio in addition to the voice authentication factor that has been verified, one or more actions may be performed.

Abstract: A computer-facilitated service receives a request from a user to access resources provided by the computer-facilitated service. In response to the request, the computer-facilitated service selects an authentication method that can be performed by a remote authentication provider. The computer-facilitated service causes the remote authentication provider to perform the authentication method. In response to an authentication decision provided by the remote authentication provider, the computer-facilitated service determines whether the user has been authenticated by the remote authentication provider. If so, the computer-facilitated service fulfills the request from the user to access the resources.

Abstract: A method of implementing a network-enabled secure door lock, comprising determining, at a first component of the lock, a nonce; wirelessly transmitting the nonce to a second component of the door lock, the first component and second component selectively mechanically engagable with one another to prevent relative movement between the first component and second component to prevent opening of a door; receiving, at the first component, a first message; using a cryptographic key associated with the second component and the nonce to validate the first message; and as a result of determining that the message is valid, transmitting a second message indicating that the first component and second component have become mechanically engaged with one another.

Abstract: Disclosed are various embodiments for an authentication service. A unique identifier is associated with a device access token for a client to be authenticated. An authentication identifier is sent to an authenticated client. The client to be authenticated communicates the authentication identifier and unique identifier to the authentication service to complete authentication.

Abstract: Disclosed are various embodiments for repurposing limited-functionality networked devices as authentication factors. In one embodiment, an authentication service identifies a limited-functionality networked device associated with an account and communicatively coupled to the network. The limited-functionality networked device is configured to perform a first function upon a predefined user interaction. The service configures the limited-functionality networked device to perform a second function based at least in part on the predefined user interaction. The service determines that the predefined user interaction has been performed by a user with respect to the limited-functionality networked device. The service authenticates the user at a client device for access to the account based at least in part on the predefined user interaction having been performed.

Abstract: Disclosed are various embodiments for providing multi-factor authentication credentials. In one embodiment, in response to a request from an application, a notification is generated in a notification area of a display. Entry of a user approval is facilitated via the notification. The security credential may be shown in the notification area so that a user may enter it in a form field of the application.

Abstract: Disclosed are various embodiments for synchronizing authentication sessions between applications. A token exchange service receives a first authentication token from a client computing device. The first authentication token corresponds to a registration of an application of the client computing device for a user account. The first authentication token is validated. A second authentication token is generated, corresponding to a browser-based session for the user account. The second authentication token is sent to the client computing device.

Abstract: Disclosed are various embodiments for using an audio interface device to facilitate authentication for other devices. A client device presents an authentication code via an output device of the client device. The authentication code is received from a voice interface device. The voice interface device is in an authenticated state for access to an account, and the voice interface device received the authentication code from speech captured by a microphone of the voice interface device following a spoken wake word. The client device is authenticated for access to the account in response to determining that the authentication code received from the voice interface device matches the authentication code presented by the client device.

Abstract: Disclosed are various embodiments for detecting replay attacks in voice-based authentication systems. In one embodiment, audio is captured via an audio input device. It is then verified that the audio includes a voice authentication factor spoken by a user. If it is determined that the audio includes unexpected environmental audio in addition to the voice authentication factor that has been verified, one or more actions may be performed.

Abstract: Disclosed are various embodiments for using an audio interface device to facilitate authentication for other devices. An authentication service causes a first client device to present an authentication code via an output device of the first client device. The authentication service receives the authentication code from a second client device. The second client device is in an authenticated state for access to an account, and the second client device received the authentication code from an environmental sensor while in a listening mode. The authentication service authenticates the first client device for access to the account in response to determining that the authentication code received from the second client device matches the authentication code presented by the first client device.

Abstract: Disclosed are various embodiments for detecting replay attacks in voice-based authentication systems. In one embodiment, audio is captured via an audio input device. It is then verified that the audio includes a voice authentication factor spoken by a user. The audio is then compared with stored audio spoken by the user. If it is determined that an exact copy of the voice authentication factor is in the stored audio, one or more actions may be performed.

Abstract: User input into a user interface is symbolically represented to increase security. User input received into a user interface and a mapping is applied to the user input. A result of the mapping is provided. The user interface may be updated to include the result of the mapping and/or may be provided to another device, such as over a short range communication channel. A person who views or otherwise has access to the user interface does not obtain the user input, but the result of the mapping indicates whether the user input was provided correctly.

Abstract: Disclosed are various embodiments for providing multi-factor authentication credentials. In one embodiment, in response to a request from an application, a notification is generated in a notification area of a display. Entry of a user approval is facilitated via the notification. The security credential may be shown in the notification area so that a user may enter it in a form field of the application.

Abstract: Disclosed are various embodiments for providing multi-factor authentication credentials. In one embodiment, in response to a request from an application, a notification is generated in a notification area of a display. Entry of a user approval is facilitated via the notification. In response to receiving the approval, a security credential is transferred to the application. In another embodiment, the security credential may be shown in the notification area so that a user may enter it in a form field of the application.

Abstract: Computing devices are disclosed that include functionality for providing a trustworthy indication of software integrity. The computing devices include a hardware trust evaluation device capable of determining the trustworthiness of computer programs executing on the devices. At least one trust indicator is also connected to the hardware trust evaluation device for providing an external indication of the trustworthiness of a computer program. Additional security information regarding the trustworthiness of the computer program may be displayed on the primary display device of the computing device. The display of the security information is triggered by a user of the computing device submitting a request through a secure mechanism, where the request is unobservable and inaccessible to programs executing on the computing device. Additional secure mechanisms, such as a unique user interface for displaying the security information, can be utilized to ensure the authenticity of the displayed security information.

Abstract: Disclosed are various embodiments for distributing and verifying ephemeral security credentials of variable entropy across channels of communication of variable levels of security assurance. In one embodiment, a security credential is generated for a user account. A subset of a set of communication channels associated with the user account is determined based at least in part on respective measures of entropy and/or security assurance corresponding to individual ones of the set of communication channels. The security credential is divided into multiple portions. A corresponding portion of the portions is sent across individual channels of subset of channels. A client computing device is authenticated for access to the user account based at least in part on receiving the portions of the security credential.

Abstract: Disclosed are various embodiments for detecting replay attacks in voice-based authentication systems. In one embodiment, audio is captured via an audio input device. It is then verified that the audio includes a voice authentication factor spoken by a user. The audio is then compared with stored audio spoken by the user. If it is determined that an exact copy of the voice authentication factor is in the stored audio, one or more actions may be performed.