Abstract: Techniques are disclosed relating to accessing credential information on multiple devices. In one embodiment, a computer system is disclosed that includes one or processors and memory having program instructions stored therein that are executable by the one or more processors to cause the computer system to perform operations. The operations include storing registration information identifying a plurality of devices as being registered to an organization and receiving, over a network from a first device, a request for credential information of a first of a plurality of users associated with the organization. The operations further include authenticating the first request, including verifying that the first device is being used by the first user and determining, based on the registration information, whether the first device is one of the plurality of devices. The operations include granting or denying the first request for the credential information based on the authenticating.

Abstract: In some implementations, encrypted data (e.g., application data, keychain data, stored passwords, etc.) stored on a mobile device can be accessed (e.g., decrypted, made available) based on the context of the mobile device. The context can include the current device state (e.g., locked, unlocked, after first unlock, etc.). The context can include the current device settings (e.g., passcode enabled/disabled). The context can include data that has been received by the mobile device (e.g., fingerprint scan, passcode entered, location information, encryption key received, time information).

Abstract: A method of unlocking a second device using a first device is disclosed. The method can include: the first device pairing with the second device; establishing a trusted relationship with the second device; authenticating the first device using a device key; receiving a secret key from the second device; receiving a user input from an input/output device; and transmitting the received secret key to the second device to unlock the second device in response to receiving the user input, wherein establishing a trusted relationship with the second device comprises using a key generated from a hardware key associated with the first device to authenticate the device key.

Abstract: A method of unlocking a second device using a first device is disclosed. The method can include: the first device pairing with the second device; establishing a trusted relationship with the second device; authenticating the first device using a device key; receiving a secret key from the second device; receiving a user input from an input/output device; and transmitting the received secret key to the second device to unlock the second device in response to receiving the user input, wherein establishing a trusted relationship with the second device comprises using a key generated from a hardware key associated with the first device to authenticate the device key.

Abstract: A system for provisioning credentials onto an electronic device is provided. The system may include a payment network subsystem, a service provider subsystem, and one or more user devices that can be used to perform mobile transactions at a merchant terminal. The user device may communicate with the service provider subsystem in order to obtained commerce credentials from the payment network subsystem. The user device may include a secure element and a corresponding trusted processor. The trusted processor may generate a random authorization number and inject that number into the secure element. Mobile payments should only be completed if the random authorization number on the secure element matches the random authorization number at the trusted processor. The trusted processor may be configured to efface the previous random authorization number and generate a new random authorization number when detecting a potential change in ownership at the user device.

Abstract: In some implementations, encrypted data (e.g., application data, keychain data, stored passwords, etc.) stored on a mobile device can be accessed (e.g., decrypted, made available) based on the context of the mobile device. The context can include the current device state (e.g., locked, unlocked, after first unlock, etc.). The context can include the current device settings (e.g., passcode enabled/disabled). The context can include data that has been received by the mobile device (e.g., fingerprint scan, passcode entered, location information, encryption key received, time information).