Abstract: A controller device within a home network (or any suitable network) can be configured to manage network access tokens for various accessory devices within the home network. These network access tokens can be used by the accessory devices to access the home network without needing the network owner's network password. The network access tokens can be revocable and/or for a limited time. The controller device can generate the network access tokens, and can provide them to the accessory devices (or other user devices) as well as to an access device on the home network. Once the access device is provisioned with the accessory device's network access token, the router can control whether the accessory device is to be granted access to the home network and for how long.

Abstract: Some aspects of this disclosure relate to implementing a thread device that can associate with a thread network. The thread device includes a network processor, a first memory, and a host processor communicatively coupled to the network processor and the first memory. The first memory can be a nonvolatile memory with a first level security protection, and configured to store a first dataset including thread network parameters for the network processor to manage network functions for the thread device associated with the thread network. The host processor is configured to perform various operations associated with the first dataset stored in the first memory. The network processor can be communicatively coupled to a second memory to store a second dataset, where the second dataset has a same content as the first dataset. The network processor is configured to manage the network functions based on the second dataset.

Abstract: Embodiments described herein provided techniques to enable peripherals configured to provide secure functionality. A secure circuit on a peripheral device can be paired with a secure circuit on a host device outside of a factory environment without compromising security by verifying silicon keys that are embedded within the secure circuit during manufacturing.

Abstract: The present disclosure generally relates to methods and user interfaces for authentication, including providing and controlling authentication at a computer system using an external device in accordance with some embodiments.

Abstract: Techniques are disclosed relating to user authentication. In some embodiments, a first computing device receives, from a second computing device, a request for a user credential to be input into an authentication prompt associated with the second device. The first computing device determines a proximity associated with the second computing device based on a received wireless location beacon and, based on the request and the determined proximity, presents a selection prompt asking a user of the first computing device to select a user credential stored in the first computing device. The first computing device then provides the selected user credential to the second computing device to input into the authentication prompt. In some embodiments, the first computing device receives the wireless location beacon from a remote controller of the second computing device and determines a proximity based on a signal strength associated with the received location beacon.

Abstract: The embodiments set forth a technique for enabling a computing device to securely configure a peripheral computing device. According to some embodiments, the method can include the steps of (1) approving a request received from the peripheral computing device to engage in a setup procedure for the peripheral computing device, (2) receiving, from the peripheral computing device: (i) an audio signal that encodes a password and timing information, and (ii) a light signal. Additionally, the method can involve, in response to identifying that the timing information correlates with the light signal: (3) extracting the password from the audio signal, and (4) establishing a communication link with the peripheral computing device based on the password. In turn, the method can involve (5) providing configuration information to the peripheral computing device over the communication link.

Abstract: Techniques are disclosed relating to sharing access to electronically-secured property. In some embodiments, a first computing device having a first secure element receives, from a second computing device associated with an owner of the electronically-secured property, an indication that the second computing device has transmitted a token to server computing system, the token permitting a user of the first computing device access to the electronically-secured property. Based on the received indication, the first computing device sends a request for the transmitted token to the server computing system and, in response to receiving the requested token, securely stores the received token in the first secure element of the first computing device. The first computing device subsequently transmits the stored token from the first secure element of the first device to the electronically-secured property to obtain access to the electronically-secured property based on the token.

Abstract: The embodiments set forth a technique for enabling a computing device to securely configure a peripheral computing device. According to some embodiments, the method can include the steps of (1) approving a request received from the peripheral computing device to engage in a setup procedure for the peripheral computing device, (2) receiving, from the peripheral computing device: (i) an audio signal that encodes a password and timing information, and (ii) a light signal. Additionally, the method can involve, in response to identifying that the timing information correlates with the light signal: (3) extracting the password from the audio signal, and (4) establishing a communication link with the peripheral computing device based on the password. In turn, the method can involve (5) providing configuration information to the peripheral computing device over the communication link.

Abstract: Techniques disclosed herein relate to the pairing of a pairing initiator device and a pairing responder device for communication. The pairing initiator device and the pairing responder device range with each other to determine the distance between the pairing initiator device and the pairing responder device. Based on the distance being below a threshold distance, the pairing initiator device and the pairing responder device wirelessly pair with each other without further input from the user.

Abstract: A controller device within a home network (or any suitable network) can be configured to manage network access tokens for various accessory devices within the home network. These network access tokens can be used by the accessory devices to access the home network without needing the network owner's network password. The network access tokens can be revocable and/or for a limited time. The controller device can generate the network access tokens, and can provide them to the accessory devices (or other user devices) as well as to an access device on the home network. Once the access device is provisioned with the accessory device's network access token, the router can control whether the accessory device is to be granted access to the home network and for how long.

Abstract: Communicating wireless devices collaborate and utilize waveforms to enable secure channel estimation. To protect against a repetitive replay attack, some embodiments include Single Carrier Physical Layer (SC-PHY) waveforms and/or interpolated OFDM waveforms that do not include a repeatable or predictable structure. The waveforms are transmitted in ranging packet structures that are compatible with legacy 802.11 technologies that do not utilize secure channel estimation. The ranging packets are received in combination with the information previously exchanged to enable the receiving wireless system to securely determine a channel estimate (e.g., determine a channel estimate without an interloper transmission that is not an authentic first arrival path in a multi-path channel between the wireless systems). Thus, one or both of the wireless systems can estimate the distance between them (or range). Devices utilizing legacy 802.

Abstract: The embodiments set forth a technique for enabling a computing device to securely configure a peripheral computing device. According to some embodiments, the method can include the steps of (1) approving a request received from the peripheral computing device to engage in a setup procedure for the peripheral computing device, (2) receiving, from the peripheral computing device: (i) an audio signal that encodes a password and timing information, and (ii) a light signal. Additionally, the method can involve, in response to identifying that the timing information correlates with the light signal: (3) extracting the password from the audio signal, and (4) establishing a communication link with the peripheral computing device based on the password. In turn, the method can involve (5) providing configuration information to the peripheral computing device over the communication link.

Abstract: Techniques are disclosed relating to credential managers. In some embodiments, a computing device maintains a credential manager that stores, in a protected manner, a set of credentials for authenticating a user and metadata about the credentials. The computing device stores an instance of the metadata externally to the credential manager. The computing device uses the externally stored metadata to determine whether the set of credentials includes a particular credential associated with a service and, in response to determining that the set of credentials includes the particular credential, displays an indication of the particular credential. In some embodiments, the computing device receives a selection of the displayed indication by the user and, in response to the selection, sends a request for the particular credential to the credential manager.

Abstract: Techniques are disclosed relating to user authentication. In some embodiments, a first computing device receives, from a second computing device, a request for a user credential to be input into an authentication prompt associated with the second device. The first computing device determines a proximity associated with the second computing device based on a received wireless location beacon and, based on the request and the determined proximity, presents a selection prompt asking a user of the first computing device to select a user credential stored in the first computing device. The first computing device then provides the selected user credential to the second computing device to input into the authentication prompt. In some embodiments, the first computing device receives the wireless location beacon from a remote controller of the second computing device and determines a proximity based on a signal strength associated with the received location beacon.

Abstract: The embodiments set forth a technique for enabling a computing device to securely configure a peripheral computing device. According to some embodiments, the method can include the steps of (1) approving a request received from the peripheral computing device to engage in a setup procedure for the peripheral computing device, (2) receiving, from the peripheral computing device: (i) an audio signal that encodes a password and timing information, and (ii) a light signal. Additionally, the method can involve, in response to identifying that the timing information correlates with the light signal: (3) extracting the password from the audio signal, and (4) establishing a communication link with the peripheral computing device based on the password. In turn, the method can involve (5) providing configuration information to the peripheral computing device over the communication link.

Abstract: Communicating wireless devices collaborate and utilize waveforms to enable secure channel estimation. To protect against a repetitive replay attack, some embodiments include Single Carrier Physical Layer (SC-PHY) waveforms and/or interpolated OFDM waveforms that do not include a repeatable or predictable structure. The waveforms are transmitted in ranging packet structures that are compatible with legacy 802.11 technologies that do not utilize secure channel estimation. The ranging packets are received in combination with the information previously exchanged to enable the receiving wireless system to securely determine a channel estimate (e.g., determine a channel estimate without an interloper transmission that is not an authentic first arrival path in a multi-path channel between the wireless systems). Thus, one or both of the wireless systems can estimate the distance between them (or range). Devices utilizing legacy 802.

Abstract: The embodiments set forth a technique for enabling a computing device to securely configure a peripheral computing device. According to some embodiments, the method can include the steps of (1) approving a request received from the peripheral computing device to engage in a setup procedure for the peripheral computing device, (2) receiving, from the peripheral computing device: (i) an audio signal that encodes a password and timing information, and (ii) a light signal. Additionally, the method can involve, in response to identifying that the timing information correlates with the light signal: (3) extracting the password from the audio signal, and (4) establishing a communication link with the peripheral computing device based on the password. In turn, the method can involve (5) providing configuration information to the peripheral computing device over the communication link.