Abstract: The subject technology provides for detecting, by a first computing device, a second computing device being within a predetermined distance of the first computing device, the first computing device being in a locked mode. The subject technology receives an access key from the second computing device. Additionally, the subject technology exits, by the first computing device, the locked mode based on the access key from the second computing device.

Abstract: A method of adding a user account to an unassociated device may include detecting, by an associated device that is associated with a user account, an audio signal broadcast by an unassociated device that is not associated with the user account, where the audio signal includes a token. The method may include sending the token to a computing device associated with a service provider of the user account, receiving, by the associated device, a command, determining that the received command is an authorization command, and in response to determining that the received command is an authorization command, sending one or more authorization instructions to the computing device. The one or more authorization instructions may instruct the computing device to send one or more credentials associated with the user.

Abstract: The subject technology provides for detecting, by a first computing device, a second computing device being within a predetermined distance of the first computing device, the first computing device being in a locked mode. The subject technology receives an access key from the second computing device. Additionally, the subject technology exits, by the first computing device, the locked mode based on the access key from the second computing device.

Abstract: A first computing device provides an indication that the first computing device accepts dynamic user registration of user accounts over a wireless connection. A second computing device automatically connects to the first computing device and passes an account token to the first computing device over the wireless connection, all without physical interaction with the first computing device. The first computing device automatically contacts a remote account server to retrieve a user account associated with the account token and registers the user account with the first computing device.

Abstract: A method of adding a user account to an unassociated device may include detecting, by an associated device that is associated with a user account, an audio signal broadcast by an unassociated device that is not associated with the user account, where the audio signal includes a token. The method may include sending the token to a computing device associated with a service provider of the user account, receiving, by the associated device, a command, determining that the received command is an authorization command, and in response to determining that the received command is an authorization command, sending one or more authorization instructions to the computing device. The one or more authorization instructions may instruct the computing device to send one or more credentials associated with the user.

Abstract: A first computing device monitors a presence of a second computing device, and determines when the second computing device has moved out of an area proximate to the first computing device. In response to determining that the second computer moved out of the area, the first computing device is automatically configured to limit user interaction with one or more applications currently operating on the first computing device to a predetermined set of commands while preventing user interaction with other applications provided by the first computing device.

Abstract: A first computing device provides an indication that the first computing device accepts dynamic user registration of user accounts over a wireless connection. A second computing device automatically connects to the first computing device and passes an account token to the first computing device over the wireless connection, all without physical interaction with the first computing device. The first computing device automatically contacts a remote account server to retrieve a user account associated with the account token and registers the user account with the first computing device.

Abstract: A system and method is disclosed for authenticating a user using locally stored credentials. A website is configured to provide, to a web browser, a login page, including header information which informs the web browser that the website may accept an automatic login. In response to receiving, from the web browser, credential information and a request to login to the website, a login token having an expiration time is generated by an authentication server and returned to the web browser. The web browser provides the login token to an authentication address associated with the website, before the expiration time, to automatically login to the website.

Abstract: A computing device provides an indication that the computing device accepts dynamic user registration of user accounts over a wireless connection. A wireless mobile device automatically connects to the computing device, establishes an encrypted connection, and receives, over the encrypted connection, and passes an encrypted account token over the encrypted connection to the computing device, all without physical interaction with the computing device. The computing device automatically contacts a remote account server to retrieve a user account associated with the account token and registers the user account with the device.

Abstract: A computing device provides an indication that the computing device accepts dynamic user registration of user accounts over a wireless connection. A wireless mobile device automatically connects to the computing device, establishes an encrypted connection, and receives, over the encrypted connection, and passes an encrypted account token over the encrypted connection to the computing device, all without physical interaction with the computing device. The computing device automatically contacts a remote account server to retrieve a user account associated with the account token and registers the user account with the device.

Abstract: A first computing device monitors a presence of a second computing device, and determines when the second computing device has moved out of an area proximate to the first computing device. In response to determining that the second computer moved out of the area, the first computing device is automatically configured to limit user interaction with one or more applications currently operating on the first computing device to a predetermined set of commands while preventing user interaction with other applications provided by the first computing device.

Abstract: We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including wired and wireless networks, secure sensor networks (such as medical networks), emergency alert networks, as well as simply and automatically provisioning network devices whether secure or not.

Abstract: A method of providing secure communications over a network includes receiving, at a receiving computer, a public key of a sending computer, and a hash of a sending random number over a first communication channel, transmitting, from the receiving computer, a public key of the receiving computer and a receiving random number provided by the receiving computer over the first communication channel, and receiving, at the receiving computer, the sending random number provided by the sending computer over the first communication channel.

Abstract: Systems and methods provide a user with secure access to a web site at a first client device without having to enter login information, such as a username and password, at that device. For example, the first device may request access to user information from a server system. The server may generate a session ID, associate it with the first device, and encode it into a bar code that is displayed at the first device. Using camera functions, a second client device may identify and decode the bar code to determine the session ID. The login information may be entered into the second device in order to establish a secure connection with the server. The second device may transmit the session ID to the server system. The server may identify the first client device based on the common session ID and transmit the requested user information to the first device.

Abstract: Pre-authentication information of devices is used to securely authenticate arbitrary peer-to-peer ad-hoc interactions. In one embodiment, public key cryptography is used in the main wireless link with location-limited channels being initially used to pre-authenticate devices. Use of public keys in the pre-authentication data allows for the broadening of types of media suitable for use as location-limited channels to include, for example, audio and infrared. Also, it allows a range of key exchange protocols which can be authenticated in this manner to include most public-key-based protocols. As a result, a large range of devices, protocols can be used in various applications. Further, an eavesdropper is forced to mount an active attack on the location-limited channel itself in order to access an ad-hoc exchange. However, this results in the discovery of the eavesdropper.

Abstract: Techniques are provided for the lightweight authentication of a user to an application, a computer or other device. An interaction element such as a stylus, a pen or marker is uniquely identified. The interactive element is associated with a user. The interaction element provides a means for interacting with the application. The proximity of the identification element within the interaction element during data entry operations to the authentication sensor signals the controlled application that the user has been authenticated.

Abstract: A method for securing human to human communication over a network includes receiving, by a first computer, an incoming authenticated data stream from a second computer over a first communication channel, the incoming authenticated data stream having been computed using an incoming digital experiential data stream and a first imprint, and extracting the first imprint from the incoming authenticated data stream. The incoming authenticated data stream is then presented for sensory experience by a human. An outgoing digital experiential data stream is then input and the method computes a second imprint associated with the first computer and computes an outgoing authenticated data stream using the outgoing digital experiential data stream and the second imprint. A second communication channel is then secured from the first computer to the second computer using the first imprint, the second communication channel suitable for sending the outgoing authenticated data stream to the second computer.

Abstract: A method of receiving mobile code includes receiving, from a source node, a dependency descriptor describing at least one permitted configuration, each configuration comprising necessary conditions on a destination node to execute mobile code, executing, on the destination node, checker code associated with the conditions described in the dependency descriptor, and, if at least one configuration is compatible, receiving the mobile code at the destination node.

Abstract: We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including wired and wireless networks, secure sensor networks (such as medical networks), emergency alert networks, as well as simply and automatically provisioning network devices whether secure or not.

Abstract: A system and method for sharing files securely includes server software on a first device configured to communicate with server software operating on one or more other preauthorized devices, such as a second device. The servers communicate with each other securely using cryptographic information exchanged during a preauthorization phase using a range-limited communication channel. The server on the first device obtains file information from the other preauthorized device(s) and combines the information with local file information from the first device. This combined file information is sent to client software operating on the machine, which presents the combined file information to users.