An enterprise network using a wide area network (WAN), and having routers and servers, uses a master directory to determine access rights, including the ability to access the WAN through the routers and the ability to access the server over the WAN.
System and method for cross directory authentication in a Public Key Infrastructure. A first directory is configured to query a second directory when receiving queries regarding signature certificates from a second enterprise PKI. The first directory is part of a first enterprise PKI, and the second directory is part of the second enterprise PKI. Access to a first enterprise PKI server is attempted by a user. The user presents a signature certificate from the second enterprise PKI to the server for authentication. A query is sent to the first directory from the server to determine if the user is allowed access to the server. A query is sent to the second directory from the first directory to determine if the user is a member of the second enterprise PKI. The server approves access to the server if the user is a member of the second enterprise PKI.
A method and apparatus for completing intra-data-network calls and calls between a public switched telephone network (PSTN) and a data network. For the case of an Internet data network, an Internet Phone Register is provided to identify the User Location Service (ULS) server that stores the temporary Internet Protocol Address (TIPA) of a called terminal. Advantageously, the TIPA of any called terminal can then be readily obtained by querying that ULS server.
An attribute rule enforcer for evaluating the attributes of a call to add, modify, or delete information in a directory, such as a lightweight directory access protocol (LDAP) directory. The attribute rule enforcer determines if the attributes of the call comply with predetermined rules governing the directory's content. The directory attribute rule enforcer may be located at the front end of the directory's access server, and intercepts calls to the directory access server. If the directory attribute rule enforcer determines that the attributes of a call comply with the rules governing the content of the directory, it will forward the call to the directory's access server for action. If, on the other hand, the directory attribute rule enforcer determines that the attributes of a call do not comply with the rules governing the content of the directory, the attribute rule enforcer will reject the call. Further, it may forward an appropriate error message to the source of the call.
An authentication processing system includes a communication network, a plurality of terminal apparatuses, and an authentication undertaking apparatus. The authentication undertaking apparatus authenticates the user of each terminal apparatus through utilization of data which include at least either data fixedly assigned to the terminal apparatus or data peculiar to the user, specifies a site which the user wishes to utilize, and undertakes authentication processing with reference to a database which stores authentication data which become necessary when the authenticated user utilizes the desired site.
A technique permitting an X.509 certificate to simultaneously support more than one cryptographic algorithm. An alternative public key and alternative signature are provided as extensions in the body of the certificate. These extensions define a second (or more) cryptographic algorithm which may be utilized to verify the certificate. These are not authenticated by the primary signature and signature algorithm in the primary cryptographic algorithm. These newly defined extensions are reviewed by a receiving entity if the entity does not support the cryptographic algorithm of the primary signature.