Abstract: A restriction request message, including a restriction parameter for a secondary account, is received from a device that is associated with a primary account, via a network node that is outside of a secure authorization network. A replenishment request message, including a password and an account replenishment parameter for the secondary account, is also received via a network node that is outside of the authorization network. Authentication is performed based on the password, and the restriction parameter for the secondary account is identified responsive to receiving the replenishment request message. Responsive to determining that the account replenishment parameter satisfies the restriction parameter, a replacement key is generated and associated with the account replenishment parameter for the secondary account.

Abstract: Techniques are disclosed relating to authentication for user transactions. In some embodiments, a first device of the user provides an option for the user to transfer payment and device signature information to a second device of the user. The second device, in some embodiments, then uses the payment information for payment transactions (which may avoid manual input of payment information). The second device, in some embodiments, transmits the device signature information for the first device to an authentication system. The authentication system, in some embodiments, authenticates the second device based on a match for the signature information for the first device.

Abstract: A restriction request message, including a restriction parameter for a secondary account, is received from a device that is associated with a primary account, via a network node that is outside of a secure authorization network. A replenishment request message, including a password and an account replenishment parameter for the secondary account, is also received via a network node that is outside of the authorization network. Authentication is performed based on the password, and the restriction parameter for the secondary account is identified responsive to receiving the replenishment request message. Responsive to determining that the account replenishment parameter satisfies the restriction parameter, a replacement key is generated and associated with the account replenishment parameter for the secondary account.

Abstract: A restriction request message, including a restriction for a secondary account, is received by a computer server from a user device via a network node that is outside of a secure authorization network. An authorization request message, including an identifier of the secondary account and a secondary password provided by a terminal that is communicatively coupled to a node of the authorization network, is received by the computer server via the authorization network. The secondary account is identified as being associated with a primary account based on the identifier included in the authorization request message. Authentication for a transaction between the terminal and the primary account is performed by the computer server based on the secondary password. An authorization response message for the transaction between the terminal and the primary account, based on the restriction for the secondary account, is transmitted from the computer server via the authorization network.

Abstract: A method for alternate primary account number generation is described. The method comprises receiving, from a device, an input data string containing sensitive data. The input data string comprises a first portion, a second portion, and a third portion. A plurality of values is generated using the second portion of the input data string, wherein each of the plurality of values are of a predetermined amount of numbers, each of the plurality of values having a corresponding key. A first key is selected, based on the second portion, from the plurality of values. A second key is generated using the first key. An output value is selected, based on the second key, from the plurality of values. An output data string is generated using the first portion, the output value, and the third portion.