Abstract: The subject system may be implemented by a processor circuit configured to receive a request to access a service of the first server, verify the one or more attributes associated with the digital pass based on the digital signature associated with the digital pass, provide the user device access to the service, and, in response to unsuccessfully verifying the one or more attributes associated with the digital pass, forgo providing the user device access to the service.

Abstract: The subject system may be implemented by a processor circuit configured to receive a digital pass from a first server. The digital pass comprises one or more attributes. The processor circuit is also configured to transmit, to a second server, a request to access a service associated with at least one of the one or more attributes of the digital pass, receive, from the second server, a request for verification of the one or more attributes, transmit, responsive to the request, at least a portion of the digital pass including a digital signature to the second server for verification of the one or more attributes, and access the service via the second server based at least in part on transmitting the at least the portion of the digital pass to the second server.

Abstract: The present disclosure generally relates to setting up an account for a service. A request to set up an account for a first service is received. In response to receiving the request to set up the account for the first service, a first login option and a second login option are displayed. If an input selecting the first login option is detected, a request to use first contact information for a user to set up the account for the first service is transmitted. If an input selecting the second login option is detected, a request to use second contact information for the user to set up the account for the first service is transmitted. The second contact information is automatically generated for the service and does not reveal the first contact information for the user.

Abstract: The present disclosure generally relates to account recovery. An example method includes, at a computer system in communication with a display generation component and one or more input devices: performing a recovery contact set up process including providing a notification to a contact; after performing the recovery contact set up process, receiving, via the one or more input devices, a request to initiate an account recovery process; in response to the request to initiate the account recovery process and without providing a request to the contact, displaying, via the display generation component, a recovery code interface for receiving a set of recovery credentials; while displaying of the recovery code interface, receiving the set of recovery credentials; in accordance with a determination that the recovery credentials are valid, performing a recovery function; and in accordance with a determination that the recovery credentials are not valid, forgoing performing the recovery function.

Abstract: The present disclosure generally relates to setting up an account for a service. A request to set up an account for a first service is received. In response to receiving the request to set up the account for the first service, a first login option and a second login option are displayed. If an input selecting the first login option is detected, a request to use first contact information for a user to set up the account for the first service is transmitted. If an input selecting the second login option is detected, a request to use second contact information for the user to set up the account for the first service is transmitted. The second contact information is automatically generated for the service and does not reveal the first contact information for the user.

Abstract: The present disclosure generally relates to account recovery. An example method includes, at a computer system in communication with a display generation component and one or more input devices: performing a recovery contact set up process including providing a notification to a contact; after performing the recovery contact set up process, receiving, via the one or more input devices, a request to initiate an account recovery process; in response to the request to initiate the account recovery process and without providing a request to the contact, displaying, via the display generation component, a recovery code interface for receiving a set of recovery credentials; while displaying of the recovery code interface, receiving the set of recovery credentials; in accordance with a determination that the recovery credentials are valid, performing a recovery function; and in accordance with a determination that the recovery credentials are not valid, forgoing performing the recovery function.

Abstract: Techniques disclosed herein relate to the authentication of a first user in a communication session between the first user using a user device and a second user using a remote computer system. The computer system sends an authentication request in the session, and the user device receives the authentication request in the session via a messaging program. The user device then causes a different program to access an authentication token received from an authentication computer system. The user device sends an indication of the authentication token to the remote computer system which the remote computer system verifies to authenticate the first user within the session.

Abstract: A relay service can relay messages between controllers and electronically controllable accessory devices that may be located remotely from the controllers. Relaying of messages by the relay service can be decoupled from any knowledge of the functionality of the accessory or the content of the messages. Device identification and relaying of messages can be managed using “relay aliases” that are meaningful only to the relay service and the endpoint devices (the controller and accessory). The endpoint devices can implement end-to-end security for messages transported by the relay service.

Abstract: Establishing a communication channel via a relay server with reduced setup time. Upon request by an initiating communication device a relay allocation server may allocate a single relay server for use in a communication session between the initiating communication device and one or more recipient communication devices. The relay server may be selected to perform favorably for the initiating communication device. Messaging for establishment of the communication session may be performed using persistent messaging connections, to avoid connection establishment cost. Messaging may also be performed using address tokens to avoid the cost of discovering global IP addresses. Following establishment of the communication session, the relay server may discover the IP address of one or more recipient communication devices, and may initiate reallocation of those devices to another relay server.

Abstract: The present disclosure generally relates to setting up an account for a service. A request to set up an account for a first service is received. In response to receiving the request to set up the account for the first service, a first login option and a second login option are displayed. If an input selecting the first login option is detected, a request to use first contact information for a user to set up the account for the first service is transmitted. If an input selecting the second login option is detected, a request to use second contact information for the user to set up the account for the first service is transmitted. The second contact information is automatically generated for the service and does not reveal the first contact information for the user.

Abstract: This Application sets forth techniques for establishing a custodial relationship between a user device and a custodian device for recovering access to a user account and/or to encrypted user data with assistance provided by the custodian device to effect access recovery. A server of a cloud network service provides an anonymous identifier to associate with the custodian device and an account recovery key to store at the custodian device. Identity of an account of the cloud network service associated with the custodian device can be hidden from the server. The user device generates a data recovery key and provides a first portion of the data recovery key to the custodian device and a second portion of the data recovery key to the server. Integrity of the stored account recovery key and portions of the data recovery key are checked regularly by the custodian device and the user device.

Abstract: The present disclosure generally relates to setting up an account for a service. A request to set up an account for a first service is received. In response to receiving the request to set up the account for the first service, a first login option and a second login option are displayed. If an input selecting the first login option is detected, a request to use first contact information for a user to set up the account for the first service is transmitted. If an input selecting the second login option is detected, a request to use second contact information for the user to set up the account for the first service is transmitted. The second contact information is automatically generated for the service and does not reveal the first contact information for the user.

Abstract: Implementations of the subject technology provide for performing, by a device, a request for obtaining information related to a phone authentication certificate (PAC) that was generated for the device, the PAC authenticating that a particular phone number is associated with the device, the request including packets of data. The subject technology receives the information related to the PAC, the information including an indication that the PAC was generated for the device. The subject technology sends, from the device, a request for validating the PAC to a remote server based at least in part on the information related to the PAC. Further, the subject technology receives a confirmation of validating the PAC from the remote server based at least in part on the information related to the PAC.

Abstract: The subject disclosure provides a machine learning engine trained to recommend, from contacts on a user's device, potential group members to be included in a group with the user. The potential group members can be identified in a privacy preserving manner in which the identification is performed locally at the user's device, using data that is locally stored at the user device. In one or more implementations, a remote server may provide an initial indication to the user's device that potential group members may exist, thereby triggering the local identification of the potential group members for suggestion to the user.

Abstract: A relay service can relay messages between controllers and electronically controllable accessory devices that may be located remotely from the controllers. Relaying of messages by the relay service can be decoupled from any knowledge of the functionality of the accessory or the content of the messages. Device identification and relaying of messages can be managed using “relay aliases” that are meaningful only to the relay service and the endpoint devices (the controller and accessory). The endpoint devices can implement end-to-end security for messages transported by the relay service.

Abstract: Techniques disclosed herein relate to the authentication of a first user in a communication session between the first user using a user device and a second user using a remote computer system. The computer system sends an authentication request in the session, and the user device receives the authentication request in the session via a messaging program. The user device then causes a different program to access an authentication token received from an authentication computer system. The user device sends an indication of the authentication token to the remote computer system which the remote computer system verifies to authenticate the first user within the session.

Abstract: A relay service can relay messages between controllers and electronically controllable accessory devices that may be located remotely from the controllers. Relaying of messages by the relay service can be decoupled from any knowledge of the functionality of the accessory or the content of the messages. Device identification and relaying of messages can be managed using “relay aliases” that are meaningful only to the relay service and the endpoint devices (the controller and accessory). The endpoint devices can implement end-to-end security for messages transported by the relay service.

Abstract: Techniques disclosed herein relate to the authentication of a first user in a communication session between the first user using a user device and a second user using a remote computer system. The computer system sends an authentication request in the session, and the user device receives the authentication request in the session via a messaging program. The user device then causes a different program to access an authentication token received from an authentication computer system. The user device sends an indication of the authentication token to the remote computer system which the remote computer system verifies to authenticate the first user within the session.

Abstract: The present disclosure generally relates to setting up an account for a service. A request to set up an account for a first service is received. In response to receiving the request to set up the account for the first service, a first login option and a second login option are displayed. If an input selecting the first login option is detected, a request to use first contact information for a user to set up the account for the first service is transmitted. If an input selecting the second login option is detected, a request to use second contact information for the user to set up the account for the first service is transmitted. The second contact information is automatically generated for the service and does not reveal the first contact information for the user.

Abstract: Disclosed herein are techniques for enabling a user to activate a new device with a Mobile Network Operator (MNO) without requiring the user to provide MNO authentication credentials that are easily forgotten. The user activates the new device using credentials from an existing device (associated with the user) that is trusted by the MNO and also using a trust score provided by a third-party server that has knowledge of associations between the user and the existing device. The new device can be a supplemental device, such as a wearable device to a cellular phone, where both devices remain capable of accessing services provided by the MNO after the new device is activated with the MNO. The new device can also be a replacement device, such as a new phone, tablet, or wearable device, where the new device supplants access to services provided by the MNO for an existing device.