BACKGROUND ART Biometrics is the statistical study of biological phenomena. Portions of the human anatomy such as iris, fingerprint, voice, retina and palm print patterns is now capable of being converted into data, which is referred to as biometric data. Biometric data can be stored electronically and are useful for identifying individuals.

The Internet is a massive networked computer environment for housing, retrieving and transferring data, information and expression. Use of the Internet, although beneficial, raises substantial issues of privacy in addition to purchasing fraud, credit and debit card fraud, and access to obscene content and pornography by children and teenagers.

In view of these and other deficiencies in the art, there is a need for improved systems, methods and apparatus that exploit biometric data for facilitating the quick, safe and efficient execution of customer transactions and user identification over the Internet.

DISCLOSURE OF THE INVENTION The invention proposes an improved networked computer architecture and associated systems and methods

for controlling and regulating registered user client access to services provided by network service providers and for otherwise controlling and regulating registered user activity in a networked computer environment. In a particular embodiment, the invention proposes a networked computer architecture including a service client and a plurality of registered user clients. The service client is associated with a login protocol for processing login requests from the registered user clients and a database of electronic documents each containing reference biometric data and a user name of one the registered user clients. The user clients are each associated with apparatus for collecting sample biometric data and for generating an electronic report of collected sample biometric data. The login protocol is responsive to each login request for requesting submission of a user name and an electronic report of collected sample biometric data input at the apparatus of one of the user clients, for receiving the user name and the electronic report, for locating the electronic document in the database having the same user name as the submitted user name, for comparing collected sample biometric data of the submitted electronic report to the reference biometric data of located electronic document and, if the collected sample biometric data of the submitted electronic report substantially matches the reference biometric data of the located electronic document, for one of a) granting access to a service provided by one of the service client and at least one other service client, b) denying access to a service provided by one of the service client and at least one other service client, and c) restricting access to a service provided by one of the service client and at

least one other service client. The service is any one of a potentially vast number of services including, for instance, d) access to at least one of data, information and entertainment content, e) access to at least one of a formal banking, brokerage and business relationship established to provide for at least one of regular services, dealings and other financial transactions, f) access to a chat room, g) access to a means for casting a vote, etc. The reference biometric data and the sample biometric data with respect to each user client are of the same type. As a matter of providing teachings of exemplary systems, apparatus and methods for collecting biometric data and of identifying individuals with biometric data, incorporated herein by reference are PCT/US99/08120 entitled METHOD, SYSTEM AND APPARATUS FOR BIOMETRIC IDENTIFICATION, and PCT/US99/13049 entitled AUTHORIZATION AND VERIFICATION OF DOCUMENTS.

The invention can be employed with a potentially vast number of service clients in addition to a potentially vast number of registered user clients, although only one service client and only one registered user client can use and benefit from the invention.

BRIEF DESCRIPTION OF THE DRAWINGS Referring to the drawings: FIG. 1 is a highly schematic diagram of a networked computer environment ; and FIG. 2 is a diagram of a networked architecture of registered user clients and a service client, in accordance with the invention.

BEST MODES FOR CARRYING OUT THE INVENTION The invention provides, among other things, an improved networked computer architecture and associated systems and methods for registering user clients and for controlling and regulating registered user client access to services provided by network and online service providers and for otherwise controlling and regulating registered user activity in a networked computer environment. Ensuing embodiments of the invention utilize a networked computer environment, and the following discussion deals primarily with the Internet and the world-wide-web. However, those conversant in the art will appreciate that the various embodiments set forth herein may be implemented in any generalized or localized networked computer environment including a local area network. In accordance with the ensuing disclosure, the invention may be utilized in connection with substantially any business that provides customers with a service or services by way of the Internet such as a) access to at least one of data, information and entertainment content, b) access to at least one of a formal banking, brokerage and business relationship established to provide for at least one of regular services, dealings and other financial transactions including the purchase of goods and services, c) access

to a chat room, d) access to a means for casting a vote and for bidding for objects, goods and services, etc.

Turning to the drawings, FIG. 1 illustrates a highly schematic diagram of a networked computer environment 10 includes clients 11 connected together through a network 12. Clients 11 include, among other networked components, displays and personal computers or the like, which are configured to interact with network 12 in a conventional manner. Each computer normally includes or is otherwise associated with storage, whether local or central storage and preferably the former, processing apparatus, an appropriate software architecture, output apparatus such as a monitor or display and input apparatus such as a keyboard, mouse or pointing device, a voice response architecture including an associated microphone and headphone and/or speaker, a stylus and interactive display, etc. Network 12 is a generalized or localized computer network or the Internet and preferably the latter. Access to network 12 is normally made over telephone lines such as wired and/or wireless commercial information services or other similar communication systems. For ease of discussion and clarity, one of clients 11 is considered a local or user client and is denoted with the reference character 11A and discussed below in connection therewith, and another of clients 11 is considered a central or service client and is denoted with the reference character 11B.

Any one of clients 11 can be either a service client or a user client in accordance with the invention, and the invention contemplates a potentially vast number of user and service clients. It will be generally understood that a service client is an entity, which can be accessed by others, namely, user clients, over network

12 for the purpose of conducting business in a networked environment and otherwise for the purpose of enjoying a service from the service client or from one or more other service clients.

Client 11B is located centrally or otherwise at a central operating facility or establishment and is operated by managerial and technical personnel, which is the case with virtually every commercial web site and this is what client 11B is considered to be in accordance with the invention. Client 11A is normally located at a residence and perhaps at a local customer facility and it can be located elsewhere and even at or proximate a central operating facility and it may otherwise be a transient or petite wireless device or otherwise include or incorporate a transient or petite wireless device.

All user clients 11 incorporate substantially the same basic elements. Looking to FIG. 2, client 11A, like all user clients 11, includes a computer 30 or similar device having or otherwise adapted and arranged with an associated output apparatus 31 and preferably a display or monitor, and input apparatus 32 and preferably one or more of a keyboard and pointing device, among potentially other conventional computerized accessories such as a printer, scanner, camera, etc. Computer 30 includes or is otherwise connected to or associated with storage 33. Storage 20 is resident or local storage and houses, among other things, software such as a commercially available browser application 34 for facilitating network 12 access and negotiation, and an operating system or platform and preferably one that is multi-tasking and responsive to inputs from client 11A for accessing and

interacting with other local and remote networked components. In one embodiment, the browser application is provided by client 11B and client 11B is an Internet Service Provider (ISP). In accordance with the invention, client 11A, like all user clients 11, is equipped with, connected to or is otherwise adapted to receive data from and communicate with apparatus 35 for collecting biometric data. The operation of apparatus 35 is controlled, in whole or in part, by an operator operating and entering commands into computer 30.

Client 11A, like any of user clients 11, may alternatively consist of a wireless individual subscriber unit that is adapted and arranged to access and interact with network 12, such as a petite computerized unit, a cell phone or other form of wireless communications subscriber unit, etc.

As those skilled in the art will readily appreciate, user clients 11 are adapted and arranged with the capability of interacting with network 12 and with service client 11B and this arrangement is well known in the art. In a preferred embodiment, service client 11B is associated with a data structure 20, which is accessible by user clients 11 by way of a site or portal 21. As previously intimated, service client 11B provides user clients 11 with a service or service, which can include ISP services relating to providing access to network 12 and to other networked components and other online service providers, retail services, medical services, chat room services, services relating to data and information retrieval and transmission, entertainment services in the nature of providing music, pornography and/or other forms of online entertainment or services such as access to bidding, voting, etc.

Server 22 facilitates the interface between user clients 11, including user client 11A, and site 21 in a conventional manner. Those of ordinary skill will appreciate that the invention may incorporate a potentially vast number of servers for providing a potentially vast number of clients with, among other things, access to site 21. Should network 12 be a local or generalized network, user clients 11 may access site 22 with a localized or generalized network application format. Should network 12 be the Internet and this is preferred, site 21 may be publicly accessible (i. e., a publicly accessible web site) with a HyperText Transfer Protocol request from any client with a commercially available web browser or, perhaps, within an encrypted virtual private network, FTP, etc. Although service client 11B is preferably an ISP, it may be a retail business site, a site for providing users with specific information or data, a site for providing users with pornographic, musical and other forms of entertainment or informational or expressive content, etc.

Client 11B includes substantially the same elements as client 11A. Client 11B operates and manages site 21.

Accordingly, site 21 and data structure 20 are considered part of client 11B, and they may be considered part of a plurality of central clients if so desired and the various components thereof may be multiplied in that regard. Client 11B and server 22 may be located at the same location if desired and client 11B may be configured with the ability to access server 22, site 21 and data structure 20 without having to make a network or telephonic connection. Data structure 20 is a managed by the architecture of site 21 and it may be additionally or separately managed by another

software protocol. Data structure 20 includes or is otherwise associated with storage 23, which includes a database 24 that houses a potentially vast number of electronic documents 25 and applications, namely, a search protocol 26 and a login protocol 27, and these features will be discussed in detail later in this specification. The invention provides a login process may take place at a point when a user is trying to gain access to network 12 by way of service client 11B or otherwise at a point when a user is trying to gain access to a service provided by service client 11B or by way of service client 11B.

The invention is concerned with biometrically registering users of user clients 11 for the purpose of providing a scheme for biometrically identifying and logging in users wishing to access services provided by service client 11B or any participating service client for the purpose of controlling and regulating registered user access to services provided by service client 11B or any participating service client and for otherwise controlling and regulating registered user activity in network 12. In accordance with the invention, each user client 11 must be registered prior to receiving or otherwise benefiting from services provided by service client 11B or other service client, and user client 11A is considered a registered user client in this regard.

With respect to the user at client 11A, and every registered user client for that matter, service client 11B is associated with login protocol 27 and an electronic document 25 containing reference biometric data of the user that corresponds to client 11A. For the purpose of this discussion, the biometric data of the user that corresponds to client 11A is considered

the biometric data of client 11A. As previously intimated, client 11A is associated with apparatus 35 for collecting sample biometric data and for generating an electronic report of collected sample biometric data.

In a series of tasks, login protocol 27 is responsive to a login request from client 11A for requesting submission of an electronic report of collected sample biometric data input at apparatus 35, for receiving the electronic report, for comparing collected sample biometric data of the submitted electronic report to the reference biometric data of the electronic document and, if the collected sample biometric data of the electronic report substantially matches the reference biometric data of the electronic document, for one of a) granting access to a service provided by one of the service client and at least one other service client, b) denying access to a service provided by one of the service client and at least one other service client, and c) restricting access to a service provided by one of the service client and at least one other service client.

Site 22 is configured with a highly interactive architecture of display features and prompts, which allows users of user clients 11A to login and to otherwise interact with data structure 20.

For any user client 11 to benefit from the invention, the user/human operator must become registered. This registration process is typical of many known registration processes in connection with many commercial web sites and ISPs, which normally require submission of various personal data and information in addition to a password and user name as a prerequisite to gaining access to network 12 by way of an ISP or to gaining access to a service or services

provided by an online service provider or web site. In accordance with the invention, user biometric data is required and is used as a means for providing secure login. In accordance with the invention, it is preferred that a user name and user password be associated with user biometric data.

In accordance with the invention, user registration includes, among other things, user submission of biometric data, which is stored electronically as reference biometric data in database 24 and as an electronic document 25. With respect to client 11A, the registration process takes place at client 11A or elsewhere and preferably at client 11A. In one scenario of the invention, a user operates computer 30 and activates apparatus 35 and takes biometric data or a biometric reading of himself. Apparatus 35 is adapted and arranged to encode the biometric data into a biometric code, generate an electronic report of the biometric code and then transfer the electronic report to client 11B, which is stored in database 24 as an electronic document 25. Because the invention contemplates a potentially vast number of user clients, the invention also contemplates a potentially vast number of electronic documents 25, each containing, among other things, reference biometric data of registered users. The taking and encoding of the biometric data and the subsequent storing of the biometric code into database 24 as electronic document 25 can be performed in response to manual commands or performed or managed by computer 30 in a series of automated and computerized process steps. In terms of this disclosure, the biometric code of electronic document 25 is considered reference biometric data of a

particular user, and the electronic document 25 of each user is preferably associated with a user name and password for the user, which are either chosen by the user or by service client 11B. In this regard, when a user wishes to login for gaining access to services provided by, for instance, service client 11B, login protocol 26 is configured to be responsive to a login request for requesting submission of an electronic report of collected sample biometric data input at apparatus 35, for receiving the electronic report, for comparing collected sample biometric data of the submitted electronic report to the reference biometric data of the electronic document and, if the collected sample biometric data of the electronic report substantially matches the reference biometric data of the electronic document, for one of a) granting access to a service provided by one of the service client and at least one other service client, b) denying access to a service provided by one of the service client and at least one other service client, and c) restricting access to a service provided by one of the service client and at least one other service client.

It is desirable that before comparing the sample biometric data to the reference biometric data, that the invention further include associating the reference biometric data a reference identifier of the user client, submitting a sample identifier from the user client, comparing the sample identifier with the reference identifier, and if the sample identifier substantially matches the reference identifier, comparing the sample biometric data to the reference biometric data, in accordance with the invention. In another embodiment, it is desirable that before

comparing the sample biometric data to the reference biometric data, that the invention further include associating the reference biometric data with a reference identifier and a reference password of the user client, submitting a sample identifier and a sample password from the user client, comparing the sample identifier to the reference identifier and the sample password to the reference password, and if the sample identifier substantially matches the reference identifier and the sample password substantially matches the reference password, the step of comparing the sample biometric data to the reference biometric data.

The information contained within each document 25 may include, in addition to biometric data and user name and password, the user's name, age, sex, height, weight, hair and eye color, and perhaps other features of the user's physical appearance, social security number, a photograph of the user, a bank account number, a credit card number, a debit card number, a brokerage account number, etc. For each user the registration process is essentially complete after electronic document 25 is created and stored in database 24. This registration process is repeated for each user that wishes to enjoy the invention, and it is envisioned that database 24 will house a potentially vast number of electronic documents. As the number of electronic documents becomes increasingly large, database 24 may be configured as a plurality of separate, yet related and mutually or individually accessible databases. Site 21 can be arranged to govern database 24 access and search and retrieval functions as will now be discussed.

Considering the invention in connection with a potentially vast number of clients consistent with the

foregoing teachings, the invention proposes a networked computer architecture of at least one service client 11B associated with login protocol 27 for processing login requests from a plurality of registered user clients 11 and database 24 of electronic documents 25 each containing reference biometric data and, among potentially other things, an identifier of one of the registered user clients, such as a user name, social security number, etc. The user clients are each associated with apparatus for collecting sample biometric data and for generating an electronic report of collected sample biometric data, as for providing reference biometric data in a registration procedure and for providing sample biometric data in a login procedure. Login protocol 27 is responsive to each user login request for requesting submission of the user's identifier and an electronic report of collected sample biometric data input at the apparatus of one of the user clients, for receiving the identifier and the electronic report, for conducting an identifier search with search protocol 26 based on the input identifier and locating the electronic document in the database having the same identifier as the submitted identifier, for comparing collected sample biometric data of the submitted electronic report to the reference biometric data of the located electronic document and, if the collected sample biometric data of the submitted electronic report substantially matches the reference biometric data of the located electronic document, for one of a) granting access to a service provided by one of the service client and at least one other service client, b) denying access to a service provided by one of the service client and at least one other service client, and

c) restricting access to a service provided by one of the service client and at least one other service client.

The registration process may be carried out at a user client or elsewhere and the former is preferred.

In accordance with the invention, the registration procedure may afford a user with the ability to enter in a bank account number, such as a credit card account number, a debit card account number, a brokerage account number, etc., that may be later used for purchasing goods and services over network 12 or by carrying out banking activities over network 12 only after a successful biometric login. The user may also identify other junior users by user name or the like and desired restrictions to apply to their online use and this is obviously beneficial for preventing unauthorized users of a credit, debit or other banking account including an brokerage account, checking account, savings account, etc., blocking children and teenager access to pornography and other forms of obscene or objectionable network content.

The invention contemplates a potentially vast number of databases of registered user clients and service clients, and the databases can each be independent or interrelated and accessible by means of a common network service or portal or by different network services or portals.

The invention is described above with reference to one or more preferred embodiments. Those skilled in the art will recognize that changes and modifications may be made in the described embodiments without departing from the nature and scope of the invention. To the extent that these and other modifications and variations do not depart from the spirit of the invention, they are intended to be included within the scope thereof, which is assessed only by a fair interpretation of the following claims.