Abstract: A computer account server receives a nominee identity from an account owner associated with owner access credentials. The nominee identity is stored in a data structure of a computer account that is selected based on the owner access credentials. Electronic access to information stored in the data structure is then restricted to access requests from computer terminals that provide the owner access credentials. In response to determining that an account handoff event has become satisfied for the computer account, the computer account server sends a nominee handoff message using the nominee identity retrieved from the data structure. A nominee access request message is received from a nominee computer terminal. In response to validating content of the nominee access request message, the computer account server modifies the restriction of electronic access to grant the nominee computer terminal electronic access to the information stored in the data structure of the computer account.

Abstract: A computer account server receives a nominee identity from an account owner associated with owner access credentials. The nominee identity is stored in a data structure of a computer account that is selected based on the owner access credentials. Electronic access to information stored in the data structure is then restricted to access requests from computer terminals that provide the owner access credentials. In response to determining that an account handoff event has become satisfied for the computer account, the computer account server sends a nominee handoff message using the nominee identity retrieved from the data structure. A nominee access request message is received from a nominee computer terminal. In response to validating content of the nominee access request message, the computer account server modifies the restriction of electronic access to grant the nominee computer terminal electronic access to the information stored in the data structure of the computer account.

Abstract: A restriction request message, including a restriction for a secondary account, is received by a computer server from a user device via a network node that is outside of a secure authorization network. An authorization request message, including an identifier of the secondary account and a secondary password provided by a terminal that is communicatively coupled to a node of the authorization network, is received by the computer server via the authorization network. The secondary account is identified as being associated with a primary account based on the identifier included in the authorization request message. Authentication for a transaction between the terminal and the primary account is performed by the computer server based on the secondary password. An authorization response message for the transaction between the terminal and the primary account, based on the restriction for the secondary account, is transmitted from the computer server via the authorization network.

Abstract: A message, which includes a user-defined transaction parameter for a transaction with a terminal that is communicatively coupled to a node of a secure authorization network, is received by a computer server via a network node that is outside of the secure authorization network. An authorization request message for the transaction with the terminal is received by the computer server via the secure authorization network. The authorization request message includes a one-time password that is provided by the terminal. Authentication is performed by the computer server based on the one-time password, and the user-defined transaction parameter for the transaction with the terminal is identified by the computer server based on the one-time password included in the authorization request message. An authorization response message for the transaction with the terminal based on the user-defined transaction parameter is transmitted from the computer server via the secure authorization network.

Abstract: In a computer-implemented authentication method, a first authentication request from a first machine is received at an authentication server. The first authentication request includes an identification of a second machine that is to provide a requested service. An authentication token including client-specific and server-specific portions is generated at the authentication server, responsive to receiving the first authentication request from the first machine. An authentication identifier and the server-specific portion of the authentication token are transmitted from the authentication server to the second machine, responsive to receiving the first authentication request from the first machine. A second authentication request, including the authentication identifier and both the server-specific and the client-specific portions of the authentication token, is received at the authentication server from the second machine.

Abstract: In a computer-implemented authentication method, a first authentication request from a first machine is received at an authentication server. The first authentication request includes an identification of a second machine that is to provide a requested service. An authentication token including client-specific and server-specific portions is generated at the authentication server, responsive to receiving the first authentication request from the first machine. An authentication identifier and the server-specific portion of the authentication token are transmitted from the authentication server to the second machine, responsive to receiving the first authentication request from the first machine. A second authentication request, including the authentication identifier and both the server-specific and the client-specific portions of the authentication token, is received at the authentication server from the second machine.