A secure computer system architecture can be comprised of network-enabled end-user devices, services available to the end-user devices, and a biometric authentication gateway. Each service can be provided via one or more appropriately-configured servers meeting a predefined minimum level of computer and network security and/or a blockchain network. The biometric authentication gateway can control access to the services based upon validation of a user's biometric vector against a pre-established biometric vector. The architecture can utilize an improved public key infrastructure (PKI) approach that segments a private encryption key into three parts and distributes the three parts between the end-user device and the biometric authentication gateway. Two of the three parts can be encased within fuzzy vaults based upon the user's biometric vector. Retrieving the key parts from the fuzzy vaults cannot be performed without successful biometric authentication of the user, ensuring that only the user can execute the services.