Abstract: A certificate validation mechanism is provided for a network interface. The certificate validation mechanism maintains a certificate cache containing local copies of certificates with associated validity indications. The certificate validation mechanism is operable to compare a certificate associated with a received message to the certificate cache and, where the certificate associated with the received message is held in the certificate cache, to associate with the message an indication of validity retrieved from the certificate cache. By providing a cache for certificates local to the network interface, the need always to verify a certificate by reference to a public repository is removed. If a certificate is not held in the local cache, then it can still be necessary to query the public repository. Nevertheless, the verification mechanism provides more immediate verification of certificate validity as this can be made locally without the cost and time of the remote verification at the public repository.

Abstract: The invention provides a method and apparatus for secure management of data in a computer controlled storage system. The system includes a trusted data management server (tdm server), responsive to a user or user program application, for storing data in and retrieving data from a storage system. The tdm server includes a security structure generator to generate the following security management structures: an unique identifier for the data; access control information for the data; a data signature for authenticating the data from the data and the unique identifier; and an access control information signature for authenticating the access control information from the access control information and the unique identifier.