Abstract: Methods, systems, and apparatus, including computer-readable media, for predictively providing access to resources. In some implementations, a method includes receiving movement data indicating movement of a mobile device associated with a user while the mobile device approaches a resource is received. A credential of the user authorizes access to the resource. Based on the movement data, the movement of the mobile device is classified as corresponding to an attempt to access the resource. The mobile device is determined to be in proximity to the resource. Before the user interacts with the resource, the resource is caused to be unlocked or opened in response to determining that the credential of the user authorizes access to the resource, classifying the movement of the mobile device as corresponding to an attempt to access the resource, and determining that the mobile device is in proximity to the resource.

Abstract: Methods, systems, and apparatus, including computer-readable media, for predictively providing access to resources. In some implementations, a method includes receiving movement data indicating movement of a mobile device associated with a user while the mobile device approaches a resource is received. A credential of the user authorizes access to the resource. Based on the movement data, the movement of the mobile device is classified as corresponding to an attempt to access the resource. The mobile device is determined to be in proximity to the resource. Before the user interacts with the resource, the resource is caused to be unlocked or opened in response to determining that the credential of the user authorizes access to the resource, classifying the movement of the mobile device as corresponding to an attempt to access the resource, and determining that the mobile device is in proximity to the resource.

Abstract: In one implementation, a computer system maintains one or more permissions associated with a credential held by a first user, where at least one of the one or more of permissions is delegatable by the first user to one or more other users. The computer system receives an indication that the first user has chosen to delegate a particular permission from amongst the one or more permissions to a second user, wherein the particular permission is needed to perform a particular type of action. Based on the first user indicating a choice to delegate the particular permission to the second user, the computer system associates the delegation of the particular permission with the second user. Based on delegating the particular permission with the second user, the computer system enables the second user to perform the particular type of action.

Abstract: In one implementation, a server receives a request from a client device to access a user account, wherein the user account provides access to one or more credentials associated with the user. The server determines that the client device is not associated with the user account and prompts the user to provide a biometric identification of the user. The server then receives data representing the biometric identification of the user from the client device. The server determines that the data representing the biometric identification of the user matches a biometric profile of the user associated with the user account. In response to the determination, the server associates the client device with the user account, such that the user is enabled to access the user account, and the associated one or more credentials, from the client device.

Abstract: In one implementation, a processing system receives a request from a user to output a representation for a credential at a client device, the credential being associated with the user. In response to receiving the request from the user to output the representation for the credential, the processing system accesses data identifying one or more conditions associated with the credential. The processing system then determines that at least one of the one or more conditions associated with the credential is not satisfied. And then, in response to determining that the at least one of the one or more conditions associated with the credential is not satisfied, the processing system denies the request from the user to output the representation for the credential at the client device.

Abstract: Obtaining and/or validating time-varying representations for user credentials at client devices is described.

Abstract: A server system maintains data indicative of credentials held by multiple different users. Each of the credentials has been issued by a credential granting authority that is separate from an entity that operates the server system. The server system receives selection data that indicates how credential data of a first user is to be made available to other users. Based on the selection data, the server system stores availability data that indicates how credential data of the first user is to be made available to the other users. The server system also maintains a location of a mobile computing device associated with the first user and, based on the availability data and the location, provides, to at least a second user, information about at least one credential held by the first user in association with an indication of the location.

Abstract: Obtaining and/or validating user credentials at client devices is described. A phrase may be generated based on one or more index values determined according to a function of time and a credential identifier identifying a user credential. The phrase may be output by the client device for validating the user credential.

Abstract: In some implementations, a system may control an environment in which biometric data is entered when a user enrolls data for a user account or authenticates after having enrolled user data. Enrollment and/or authentication may be required to occur under one or more conditions. In some implementations, data from an electronic device associated with a user may be used to determine whether conditions on enrollment and/or authentication have been satisfied.

Abstract: The disclosure of the present document can be embodied in a non-transitory computer-readable medium storing instructions that cause one or more processors to perform various operations, including, receiving, from a first client device associated with a user account of a first user, a request for sharing a document. The document is associated with a credential of the first user, and the credential is associated with the user account of the first user. The operations include transmitting, in response to the request, a code associated with the document, and receiving, from a second client device, a request to access the document. The request to access the document includes the code associated with the document. The operations include determining, based on the request to access the document, that the second client device is authorized to access the document, and communicating, to the second client device, a message including information about the document.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for site codes for website authentication are disclosed. In one aspect, a method includes receiving, a request to start a new authenticated session of the web page on the client device. The method includes generating an optical machine-readable code and a security image. The method includes transmitting (i) the security image, (ii) the optical machine-readable code, and (iii) instructions for the server to provide the security image and the optical machine-readable code for simultaneous display. The method includes receiving extracted data that the mobile device extracted from the optical machine-readable code in response to the mobile device optically detecting the optical machine-readable code using a camera of the mobile device. The method includes verifying an identity of the user based on a comparison of the extracted data and data corresponding to the optical machine-readable code.

Abstract: In one implementation, a credential associated with a user identifier and a location is stored at a client device. A request to output a representation of the credential in a manner that enables a credential authority to validate the representation is received. Responsive to receiving the request to render the representation of the credential, a location of the client device is obtained and a determination that the location of the client device is within a predefined distance of the location associated with the credential is made. Responsive to determining that the location of the client device is within the predefined distance of the location associated with the credential, data indicating that the user has entered the location associated with the credential is stored in a memory of the client device.

Abstract: In some implementations, a system may control an environment in which biometric data is entered when a user enrolls data for a user account or authenticates after having enrolled user data. Enrollment and/or authentication may be required to occur under one or more conditions. In some implementations, data from an electronic device associated with a user may be used to determine whether conditions on enrollment and/or authentication have been satisfied.

Abstract: Obtaining and/or validating user credentials at client devices is described. This disclosure describes methods of generating representations of credentials for groups of users or for individuals. Representations for these credentials can be managed by a server or collection of servers, and distributed to appropriate users' client devices. These representations can then be outputted for evaluation by a credential authority, who confirms that the credential possessed by a given user is valid. A credential authority may be a person and/or a device that validates a credential.

Abstract: Obtaining and/or validating user credentials at client devices is described.

Abstract: In one implementation, a server system receives, from a device of a user, a request to add a credential issued by an organization and authentication information that has been authorized, independently of the server system, by the organization that issued the credential. The server system identifies the organization related to the request to add the credential and identifies communication information established for the organization. The server system provides, using the communication information and to a system operated by the organization, the authentication information and receives, using the communication information and from the system operated by the organization, credential information for the user. The server system adds one or more credentials to an account of the user based on the received credential information.

Abstract: Obtaining and/or validating user credentials at client devices is described. This disclosure describes methods of generating representations of credentials for groups of users or for individuals. Representations for these credentials can be managed by a server or collection of servers, and distributed to appropriate users' client devices. These representations can then be outputted for evaluation by a credential authority, who confirms that the credential possessed by a given user is valid. A credential authority may be a person and/or a device that validates a credential.

Abstract: A method comprising: storing, at a server, an electronic resource that has been electronically signed by a user; associating the electronic resource with an identifier; receiving, at the server and from a client device, a request to identify the user who electronically signed the electronic resource, the request including a reference to the identifier; responsive to receiving the request to identify the user who electronically signed the electronic resource, identifying, based on the reference to the identifier, the electronic resource stored at the server; responsive to identifying the electronic resource stored at the server, identifying the user who electronically signed the identified electronic resource; and transmitting, from the server to the client device, an indication of an identity of the user who electronically signed the electronic resource.

Abstract: Obtaining and/or validating time-varying representations for user credentials at client devices is described.

Abstract: The disclosure of the present document can be embodied in a non-transitory computer-readable medium storing instructions that cause one or more processors to perform various operations, including, receiving, from a first client device associated with a user account of a first user, a request for sharing a document. The document is associated with a credential of the first user, and the credential is associated with the user account of the first user. The operations include transmitting, in response to the request, a code associated with the document, and receiving, from a second client device, a request to access the document. The request to access the document includes the code associated with the document. The operations include determining, based on the request to access the document, that the second client device is authorized to access the document, and communicating, to the second client device, a message including information about the document.