Title of invention Biometric identification method
Abstract A biometric and cryptographic processing unit includes a biometric receiver receiving biometric information of a BCU user. A biometric unit of the BCU has a store of biometric information of an authorized BCU user and compares received biometric information with the stored biometric information to determine if the user is an authorized BCU user. A cryptographic unit generates/stores an asymmetric cryptographic public/private key pair associated with each authorized BCU user. An input/output port allows encrypted/unencrypted data to be input to/output from the BCU. The cryptographic unit operates in response to a specific authorized user giving permission to undertake a specific cryptographic operation on data input to the BCU only upon the specific authorized user being determined as an authorized BCU user, whereby a specific private key corresponding to the specific authorized user is enabled for use in the specific cryptographic operation after which the specific private key is disabled.
Publication number US8843760(B2) Publication date 2014.09.23
Application number US201313917090 Filing date 2013.06.13
Applicant Mikoh Corporation Inventor Atherton Peter Samuel
Classification G06F21/32 Main classification G06F21/32
Agency Buchanan Ingersoll & Rooney PC Agent Buchanan Ingersoll & Rooney PC
Independent claim 1. Apparatus to enable biometric identification over a network without any biometric information being released to said network, comprising: a biometric/cryptographic processing means (BCPM) including: means to read or receive biometric information from a user of said BCPM, wherein said means to read or receive biometric information comprises at least one biometric sensor selected from a group consisting of one or more of a fingerprint reading device, an iris scanning device, a retinal scanning device, a facial recognition device, a voice recognition device, a handprint scanning device, a blood circulation recognition device, a heartbeat monitor, DNA reading apparatus, and a sensor having life-signs detection capabilities to determine whether said sensor is deriving biometric information from a living body; means to determine whether said biometric information derived from the user corresponds to an authorized user of said BCPM and thereby determine whether the user is an authorized user of said BCPM; means to undertake cryptographic information processing, including a means to encrypt and decrypt information according to one or more of a number of specified cryptographic protocols; means to generate and store unique asymmetric private/public cryptographic key pairs corresponding to each authorized user of said BCPM, such that each said key pair is unique and dedicated to, or associated with, a specific authorized user, with said private keys being retained secretly in said BCPM and said public keys being released publicly, said means to generate and store unique asymmetric private/public cryptographic key pairs operating independent of any biometric information or biometric identification methods, said private cryptographic keys being disabled from use in a default state; a means to enable use by said BCPM of one or more of said private cryptographic keys corresponding to an authorized user in a specific cryptographic operation if and only if the authorized user has provided biometric authorization for said specific cryptographic operation, where providing biometric authorization involves the authorized user being positively biometrically identified by said BCPM in combination with the authorized user giving explicit permission for said specific cryptographic operation to be undertaken by said BCPM using private keys corresponding to the authorized user, with said private keys corresponding to the authorized user otherwise remaining in a disabled state; said BCPM thereby being configured such that use of one or more of said private cryptographic keys corresponding to a specific authorized user is possible only if the authorized user has been positively biometrically identified by said BCPM in the corresponding biometric authorization process, and thereby being configured such that a determination by an external person or device that said BCPM is using any of said private cryptographic keys corresponding to a specific authorized user in a cryptographic operation is equivalent to a determination that the authorized user has been biometrically identified as the originator of said cryptographic operation.
Address McLean VA US