An unforgeable personal identification system for identifying users at remote access control sites. The unforgeable personal identification system generates one-way encrypted versions of physically immutable identification credentials (facial photo, retinal scan, voice and finger prints). These credentials are stored on a portable memory device (credit card size). At a remote access control site, the user presents his portable memory device and the encrypted identification credentials are read. The user then submits physically to inputting of his physical identification characteristics to the remote access control site. Comparison is performed with the credentials obtained from the memory device and with the user's physical identity to determine whether to allow or deny access at the remote site.