A machine system includes bubble protection for protecting the information of certain classes of files from unauthorized access by way of unauthorized classes of programs at unauthorized periods of time. The machine system additionally may have On-The-Fly (OTF) mechanisms for automatic decryption of confidential file data on a per-use basis and automatic later elimination of the decrypted data by scorching and/or re-encrypting is disclosed. The system can operate within a multi-threaded environment. The machine system additionally may have a digital signature mechanism for protecting file data from unauthorized tampering. The machine system additionally may have a volume-encryption mechanism for protecting plaintext versions of file data from exposure in events of power outages.