This invention describes a system for access control, wherein a control card is presented to a control means. If the control card is authenticated, then access is gained. If it is not authenticated, access is not gained, the control card is retained, and an alarm may be sounded. The control card contains at least two means; (1) machine readable indicia identifying the card, and (2) a random pattern of micro spots, which pattern is derived (by direct copying--such as by focussed laser beam) from one of a plurality of different patterns, retained in a bank of such micro patterns, each such micro pattern identified by, and selectable in accordance with, different unique indicia, identical with the machine readable indicia on said cards. In use the control card is introduced into the control means and the indicia are read. Master micro pattern corresponding to the indicia is selected from the bank. The card micro pattern and master micro pattern are compared. If the comparison okay, the card is authenticated.

In a method and system for identifying one or more objects, a two-dimensional, optically readable pattern and an identification code are generated. The pattern and the identification code are paired in one-to-one correspondence by means of a predetermined algorithm and are arbitrary. A two-dimensional representation of the pattern is provided on the object or on a pattern support connected thereto. The identification code is stored together with associated identification information. In order to identify the object, the representation of the pattern thereof is optically scanned and the associated identification code determined, by means of which the identification information can be determined.

A "bank" cash card system for handling fund transfer transactions between a payor and a payee having a magnetic "hysteresis" security arrangement. A cash card has a magnetic stripe on which the available cash balance, the identification and security information are scramble recorded. A transaction register machine reads data from the card, carries out the transaction and records the new account balance on the card. The modified information is "restored" on the card is in the form of a rescrambled code. The transaction register machine also includes a magnetic tape of the cassette type or disk for storing each transaction thereon for further processing of the information at a remote data processing center. The transaction register machine further includes a main keyboard on the side of the payee for displaying the cash balance, entering the total amount of the sale and recording the new cash balance on the card. The main keyboard is responsive to the card holder's or customer's keyboard which has a slot for insertion of the card for verification by entering the correct identification number known only to the card holder. A random surface pattern on a given portion of the card is preferably scanned to produce a digital number uniquely identifying the card.

A device for facilitating financial account transactions is described which includes a processing unit including a cryptographic processor. The device also includes an input unit, a display unit and a memory device connected to the processing unit. The memory device contains a private cryptographic key, a first data element and a second data element. The processing unit encrypts the first data element using the private cryptographic key and the second data element, modifies the second data element, combines the encrypted first data element and the second data element to generate a single-use financial account identifier, and displays the single-use financial account identifier. This identifier is then transmitted to a central processor for authorization of the transaction. The central processor extracts and decrypts data elements from the transmitted identifier using the private cryptographic key, compares those data elements with data elements stored in a memory, and verifies the single-use financial account identifier in accordance with the comparison.

A security system for a personal computer, in which hardware and software are combined to provide a tamper-proof manner of protecting user-access and file-access. The hardware component of the system is an expansion board for insertion into an expansion slot of the PC, and has a first EPROM chip containing four portions of machine code for initializing system function calls and for establishing the proper boot-processing of the PC; a second RAM chip serving as scratch pad memory; a third EEPROM chip storing passwords, audit trail log, protection and encryption system flags, and user-access rights; a fourth automatic encryption and decryption chip for files of the PC; and a fifth clock chip for the audit trail. The software component includes a batch file that runs a program in conjunction with the machine code on the EPROM of the expansion board ensuring access is gained only for valid users. The code on the EPROM monitors all DOS 21H file handling function calls, and initializes the 7CH interrupt vector for allowing the security system to access DOS and the files thereof. During boot processing, the 10H video interrupt handler is monitored to prevent circumventing the security system. Hard-disc format-protection is also provided by monitoring of the 13H interrupt function calls. Files may also be created that may not be copied.