Abstract: A relay service can relay messages between controllers and electronically controllable accessory devices that may be located remotely from the controllers. Relaying of messages by the relay service can be decoupled from any knowledge of the functionality of the accessory or the content of the messages. Device identification and relaying of messages can be managed using “relay aliases” that are meaningful only to the relay service and the endpoint devices (the controller and accessory). The endpoint devices can implement end-to-end security for messages transported by the relay service.

Abstract: Establishing a communication channel via a relay server with reduced setup time. Upon request by an initiating communication device a relay allocation server may allocate a single relay server for use in a communication session between the initiating communication device and one or more recipient communication devices. The relay server may be selected to perform favorably for the initiating communication device. Messaging for establishment of the communication session may be performed using persistent messaging connections, to avoid connection establishment cost. Messaging may also be performed using address tokens to avoid the cost of discovering global IP addresses. Following establishment of the communication session, the relay server may discover the IP address of one or more recipient communication devices, and may initiate reallocation of those devices to another relay server.

Abstract: The present disclosure generally relates to setting up an account for a service. A request to set up an account for a first service is received. In response to receiving the request to set up the account for the first service, a first login option and a second login option are displayed. If an input selecting the first login option is detected, a request to use first contact information for a user to set up the account for the first service is transmitted. If an input selecting the second login option is detected, a request to use second contact information for the user to set up the account for the first service is transmitted. The second contact information is automatically generated for the service and does not reveal the first contact information for the user.

Abstract: This Application sets forth techniques for establishing a custodial relationship between a user device and a custodian device for recovering access to a user account and/or to encrypted user data with assistance provided by the custodian device to effect access recovery. A server of a cloud network service provides an anonymous identifier to associate with the custodian device and an account recovery key to store at the custodian device. Identity of an account of the cloud network service associated with the custodian device can be hidden from the server. The user device generates a data recovery key and provides a first portion of the data recovery key to the custodian device and a second portion of the data recovery key to the server. Integrity of the stored account recovery key and portions of the data recovery key are checked regularly by the custodian device and the user device.

Abstract: The present disclosure generally relates to setting up an account for a service. A request to set up an account for a first service is received. In response to receiving the request to set up the account for the first service, a first login option and a second login option are displayed. If an input selecting the first login option is detected, a request to use first contact information for a user to set up the account for the first service is transmitted. If an input selecting the second login option is detected, a request to use second contact information for the user to set up the account for the first service is transmitted. The second contact information is automatically generated for the service and does not reveal the first contact information for the user.

Abstract: Implementations of the subject technology provide for performing, by a device, a request for obtaining information related to a phone authentication certificate (PAC) that was generated for the device, the PAC authenticating that a particular phone number is associated with the device, the request including packets of data. The subject technology receives the information related to the PAC, the information including an indication that the PAC was generated for the device. The subject technology sends, from the device, a request for validating the PAC to a remote server based at least in part on the information related to the PAC. Further, the subject technology receives a confirmation of validating the PAC from the remote server based at least in part on the information related to the PAC.

Abstract: The subject disclosure provides a machine learning engine trained to recommend, from contacts on a user's device, potential group members to be included in a group with the user. The potential group members can be identified in a privacy preserving manner in which the identification is performed locally at the user's device, using data that is locally stored at the user device. In one or more implementations, a remote server may provide an initial indication to the user's device that potential group members may exist, thereby triggering the local identification of the potential group members for suggestion to the user.

Abstract: A relay service can relay messages between controllers and electronically controllable accessory devices that may be located remotely from the controllers. Relaying of messages by the relay service can be decoupled from any knowledge of the functionality of the accessory or the content of the messages. Device identification and relaying of messages can be managed using “relay aliases” that are meaningful only to the relay service and the endpoint devices (the controller and accessory). The endpoint devices can implement end-to-end security for messages transported by the relay service.

Abstract: Techniques disclosed herein relate to the authentication of a first user in a communication session between the first user using a user device and a second user using a remote computer system. The computer system sends an authentication request in the session, and the user device receives the authentication request in the session via a messaging program. The user device then causes a different program to access an authentication token received from an authentication computer system. The user device sends an indication of the authentication token to the remote computer system which the remote computer system verifies to authenticate the first user within the session.

Abstract: A relay service can relay messages between controllers and electronically controllable accessory devices that may be located remotely from the controllers. Relaying of messages by the relay service can be decoupled from any knowledge of the functionality of the accessory or the content of the messages. Device identification and relaying of messages can be managed using “relay aliases” that are meaningful only to the relay service and the endpoint devices (the controller and accessory). The endpoint devices can implement end-to-end security for messages transported by the relay service.

Abstract: Techniques disclosed herein relate to the authentication of a first user in a communication session between the first user using a user device and a second user using a remote computer system. The computer system sends an authentication request in the session, and the user device receives the authentication request in the session via a messaging program. The user device then causes a different program to access an authentication token received from an authentication computer system. The user device sends an indication of the authentication token to the remote computer system which the remote computer system verifies to authenticate the first user within the session.

Abstract: The present disclosure generally relates to setting up an account for a service. A request to set up an account for a first service is received. In response to receiving the request to set up the account for the first service, a first login option and a second login option are displayed. If an input selecting the first login option is detected, a request to use first contact information for a user to set up the account for the first service is transmitted. If an input selecting the second login option is detected, a request to use second contact information for the user to set up the account for the first service is transmitted. The second contact information is automatically generated for the service and does not reveal the first contact information for the user.

Abstract: Disclosed herein are techniques for enabling a user to activate a new device with a Mobile Network Operator (MNO) without requiring the user to provide MNO authentication credentials that are easily forgotten. The user activates the new device using credentials from an existing device (associated with the user) that is trusted by the MNO and also using a trust score provided by a third-party server that has knowledge of associations between the user and the existing device. The new device can be a supplemental device, such as a wearable device to a cellular phone, where both devices remain capable of accessing services provided by the MNO after the new device is activated with the MNO. The new device can also be a replacement device, such as a new phone, tablet, or wearable device, where the new device supplants access to services provided by the MNO for an existing device.

Abstract: A method and apparatus of a device that forwards an email from a first party to a second party is described. In an exemplary embodiment, the device receives an email, where the email includes a first email address associated with the first party, the first party email address is a “from” email address, a second email address associated with a second party, the second email address is a “to” email address; and the second email address is an anonymized email address. The device further extracts a local part of the second email address and the device determines a first party identifier from at least the local part of the first email address. In addition, the device determines a replacement address for the second email address using at least the first party identifier and replaces the second email address with the replacement address. The device further forwards the email using the replacement address.

Abstract: A method and apparatus of a device that endorses a proximity authorization for an authorization requesting device is described. In an exemplary embodiment, the device receives a proximity authorization request from the authorization requesting device, wherein the authorization requesting device is in proximity with the authorization endorsing device. The device additionally presents a local authorization request to a user of the authorization endorsing device and receives a set of user credentials for the local authorization request. The device further performs a local authorization on the device using at least the set of user credentials. In addition, the device sends a server authorization request to an identity management server, receives an authorization response from the identity management server, and returns the authorization response.

Abstract: The present disclosure generally relates to setting up an account for a service. A request to set up an account for a first service is received. In response to receiving the request to set up the account for the first service, a first login option and a second login option are displayed. If an input selecting the first login option is detected, a request to use first contact information for a user to set up the account for the first service is transmitted. If an input selecting the second login option is detected, a request to use second contact information for the user to set up the account for the first service is transmitted. The second contact information is automatically generated for the service and does not reveal the first contact information for the user.

Abstract: A notification server may be configured to receive a message from a device, determine a device location from the message, determine a location identifier corresponding to the determined device location, and send the location identifier to the device. The device may be configured to generate a configuration identifier based on the location identifier and send a configuration data request including the configuration identifier to a cache server. The cache server may be configured to receive the configuration data request from the device, select a device configuration corresponding to the configuration identifier, where the device configuration is specific to the device location, and send the selected device configuration to the device. The device may be further configured to configure the device according to the selected device configuration.

Abstract: A system and method are described for establishing two-way push communication between an intermediate or companion device and a mobile device. Mobile devices register to listen for push notifications delivered through a push notification service from a specified set of providers. The presence of the mobile devices is delivered to the push notification service that maps the mobile devices to connections made between their respective companion devices and the push notification service. If the push notification service determines that a mobile device is “online,” in response to receiving a push notification for the mobile device, a current network connection over which a companion device is listening for push notifications is identified and the push notification is forwarded to the companion device. The companion device then can deliver the push notification to the mobile device.

Abstract: Implementations of the subject technology provide for performing, by a device, a request for obtaining information related to a phone authentication certificate (PAC) that was generated for the device, the PAC authenticating that a particular phone number is associated with the device, the request including packets of data. The subject technology receives the information related to the PAC, the information including an indication that the PAC was generated for the device. The subject technology sends, from the device, a request for validating the PAC to a remote server based at least in part on the information related to the PAC. Further, the subject technology receives a confirmation of validating the PAC from the remote server based at least in part on the information related to the PAC.

Abstract: Disclosed herein are techniques for enabling a user to activate a new device with a Mobile Network Operator (MNO) without requiring the user to provide MNO authentication credentials that are easily forgotten. The user activates the new device using credentials from an existing device (associated with the user) that is trusted by the MNO and also using a trust score provided by a third-party server that has knowledge of associations between the user and the existing device. The new device can be a supplemental device, such as a wearable device to a cellular phone, where both devices remain capable of accessing services provided by the MNO after the new device is activated with the MNO. The new device can also be a replacement device, such as a new phone, tablet, or wearable device, where the new device supplants access to services provided by the MNO for an existing device.