Abstract: A server may encrypt an authentication signal using a public encryption key (e.g., a public encryption key that was generated together with a private encryption key stored on a user device pre-registered with the server). The server passes the encrypted authentication signal to a user agent (e.g., such as the web browser) and the user agent encodes the encrypted authentication signal into a machine-readable optical label. The user agent displays the machine-readable optical label for scanning by the user device. Accordingly, the user device may be unlocked by a user (e.g., using an unlock password or an unlock gesture), and the user device may scan the machine-readable optical label, decode the encrypted authentication signal encoded in the machine-readable optical label, decrypt the decoded authentication signal that was encrypted by the server, and generate an authentication code based on the decrypted authentication signal.

Abstract: Methods for configurable and proactive application diagnostics and recovery are performed by systems and devices. A diagnostics manager determines diagnostics packages corresponding to problems described in client device diagnostics requests. Session identifiers are generated and returned with diagnostics identifiers to clients which then provide the session identifiers and diagnostics identifiers to a service manager for session initiation. Diagnostics packages are located, retrieved, and provided back to the client by the service manager that invokes a client-side engine to execute diagnostics packages. Results are provided to the diagnostics system which determines additional packages to be executed by the engine during the same diagnostics session. Further, device-specific tokens are acquired by client devices which execute local diagnostic packages and acquire remote diagnostic packages for execution in the same session.

Abstract: Methods for configurable and proactive application diagnostics and recovery are performed by systems and devices. A diagnostics manager determines diagnostics packages corresponding to problems described in client device diagnostics requests. Session identifiers are generated and returned with diagnostics identifiers to clients which then provide the session identifiers and diagnostics identifiers to a service manager for session initiation. Diagnostics packages are located, retrieved, and provided back to the client by the service manager that invokes a client-side engine to execute diagnostics packages. Results are provided to the diagnostics system which determines additional packages to be executed by the engine during the same diagnostics session. Further, device-specific tokens are acquired by client devices which execute local diagnostic packages and acquire remote diagnostic packages for execution in the same session.

Abstract: Methods for configurable and proactive application diagnostics and recovery are performed by systems and devices. A diagnostics manager determines diagnostics packages corresponding to problems described in client device diagnostics requests. Session identifiers are generated and returned with diagnostics identifiers to clients which then provide the session identifiers and diagnostics identifiers to a service manager for session initiation. Diagnostics packages are located, retrieved, and provided back to the client by the service manager that invokes a client-side engine to execute diagnostics packages. Results are provided to the diagnostics system which determines additional packages to be executed by the engine during the same diagnostics session. Further, device-specific tokens are acquired by client devices which execute local diagnostic packages and acquire remote diagnostic packages for execution in the same session.

Abstract: Methods for configurable and proactive application diagnostics and recovery are performed by systems and devices. A diagnostics manager determines diagnostics packages corresponding to problems described in client device diagnostics requests. Session identifiers are generated and returned with diagnostics identifiers to clients which then provide the session identifiers and diagnostics identifiers to a service manager for session initiation. Diagnostics packages are located, retrieved, and provided back to the client by the service manager that invokes a client-side engine to execute diagnostics packages. Results are provided to the diagnostics system which determines additional packages to be executed by the engine during the same diagnostics session. Further, device-specific tokens are acquired by client devices which execute local diagnostic packages and acquire remote diagnostic packages for execution in the same session.

Abstract: User-authentication-based approval of a first device via communication with a second device over a channel (e.g., an insecure channel) is described. The first device receives a session ID and first user-observable information, or an identifier thereof, from an identity provider, presents the first user-observable information to a user, and sends the session ID to the second device. The second device sends the session ID to the identity provider to obtain therefrom second user-observable information, or an identifier thereof, and a security challenge. The second user-observable information bears a user-discernable relationship to the first user-observable information and is presented to the user by the second device. The second device is capable of generating a response to the security challenge for transmission to the identity provider based at least on input received from the user, the response to the security challenge being indicative of the suitability of the first device for approval.

Abstract: User-authentication-based approval of a first device via communication with a second device over a channel (e.g., an insecure channel) is described. The first device receives a session ID and first user-observable information, or an identifier thereof, from an identity provider, presents the first user-observable information to a user, and sends the session ID to the second device. The second device sends the session ID to the identity provider to obtain therefrom second user-observable information, or an identifier thereof, and a security challenge. The second user-observable information bears a user-discernable relationship to the first user-observable information and is presented to the user by the second device. The second device is capable of generating a response to the security challenge for transmission to the identity provider based at least on input received from the user, the response to the security challenge being indicative of the suitability of the first device for approval.