A wireless access device can be configured to determine a list of accessory groups corresponding to accessories connected to a network managed by the wireless access device. The wireless access device may also be configured to identify at least one firmware update that corresponds to at least one accessory group of the list of accessory groups and request all firmware updates that correspond to the at least one accessory group. The wireless access device can also be configured to receive one or more firmware updates that corresponds to at least one of the accessories of the at least one accessory group for which a respective firmware update is available and transmit at least one firmware update of the received one or more firmware updates to at least one corresponding accessory of the at least one accessory group.

In some examples, a headless device that is without an available user interface and that is to be provisioned for access to a network receives information relating to provisioning of the headless device from a network node. The headless device sends, to a mediator device with a user interface, at least a portion of the received information. The headless device receives, from the mediator device, information to proceed with the provisioning of the headless device.

In some examples, a headless device that is without an available user interface and that is to be provisioned for access to a network receives information relating to provisioning of the headless device from a network node. The headless device sends, to a mediator device with a user interface, at least a portion of the received information. The headless device receives, from the mediator device, information to proceed with the provisioning of the headless device.

Techniques are disclosed relating to determining whether geographic locations of a user computing device satisfy a location consensus threshold. A computer system receives results of a plurality of location determination operations, each of which specifies a geographic location of a computing device initiating an action. The computer system then makes a determination whether the received results satisfy a consensus threshold as to geographic location of the computing device. In some embodiments, the determination is usable to select, from a plurality of sets of rules for different geographic regions, a particular set of rules for processing the action. In some cases, the particular set of rules is usable to determine whether to process the action. Such techniques may advantageously allow a processing system to understand how to process actions initiated by a computing device associated with different geographic locations.

A data management system manages secured data for a plurality of users. The data management system utilizes an access authorization system to authenticate users seeking access to the data management system. The access authorization system provides access tokens to authenticated users. The access tokens enable the authenticated users to access the data management system without again providing authentication data. The access authorization system includes, for each user, an access policy that governs whether the users can use the access tokens to access the data management system. The access tokens have a finite lifetime. If the users use the access tokens within the finite lifetime and if the users satisfy all of the access rules of the access policies, then the lifetime of the access tokens can be extended a finite number of times.

A data management system manages secured data for a plurality of users. The data management system utilizes an access authorization system to authenticate users seeking access to the data management system. The access authorization system provides access tokens to authenticated users. The access tokens enable the authenticated users to access the data management system without again providing authentication data. The access authorization system includes, for each user, an access policy that governs whether the users can use the access tokens to access the data management system. The access tokens have a finite lifetime. If the users use the access tokens within the finite lifetime and if the users satisfy all of the access rules of the access policies, then the lifetime of the access tokens can be extended a finite number of times.

A method for authenticating a secure credential transfer to a device includes verifying user identity and device identity. In particular, the method includes verifying user identity by requesting and receiving a user identification input at a first client device and verifying device identity of a second client device by (i) determining a security status of the second client device from hardware of the second client device, (ii) invoking an identifier related to the security status of the second client device to an authentication server, and (iii) obtaining certification from the authentication server for the second client device based on the invoked identifier. After verifying the user identity and the device identity, the method includes establishing a secure channel between the first client device and the second client device for the secure credential transfer using one or more tokens generated by the authentication server.

A method and system for providing access to a location secured by an electronically activated locking mechanism, the method comprising: detecting a geographical position of a mobile device. Determining that the detected geographical position of the mobile device is proximate to the location secured by the electronically activated locking mechanism. Transmitting a signal causing the electronically activated locking mechanism to unlock.

A method and system for providing access to a location secured by an electronically activated locking mechanism, the method comprising: detecting a geographical position of a mobile device. Determining that the detected geographical position of the mobile device is proximate to the location secured by the electronically activated locking mechanism. Transmitting a signal causing the electronically activated locking mechanism to unlock.

Disclosed herein is a technique for managing permissions associated with the control of a host device that are provided to a group of wireless devices. The host device is configured to pair with a first wireless device. In response to pairing with the first wireless device, the host device grants a first level of permissions for controlling the host device to the first wireless device. Subsequently, the host device can receive a second request from a second wireless device to pair with the host device. In response to pairing with the second wireless device, the host device can grant a second level of permissions for controlling the host device to second wireless device, where the second level of permissions is distinct from the first level of permissions.