G06F21/125

PROACTIVELY PROTECTED PROCESSING SYSTEM AND METHOD FOR CYBERSECURITY
20230049144 · 2023-02-16

A proactively protected (P2) processing system and method is invented for stopping cyber-attacks arising from malicious use of computing systems. The invention is applicable to eliminating the roots of cyber-threats before a successful cyber-incident. As a result, the demand for resilient computing systems that survive a cyber-incident will disappear, and no recovery action or information loss occurs. The invention dynamically switches among a plurality of instruction sets at random or scheduled times to determine authorized operations with code compatibility. Therefore, a P2 processing system and method can detect and delete only unauthorized operations before they are executed, while executing authorized operations.

PACKAGE DISTRIBUTION AND INSTALLATION IN RESPONSE TO USER LOGON

Disclosed are various implementations for distributing and installing packages in response to user logon events. A logon event associated with a user account is detected for a client device. A query containing a respective user account identifier is sent to a provisioning service to retrieve a set of packages to install on the client device. The set of packages are received from the provisioning service and installed on the client device.

Digital Rights Management DRM Method, Apparatus, and System
20230006984 · 2023-01-05

Embodiments of this application provide a digital rights management DRM method, apparatus, and system, to implement a DRM interworking operation between DRM servers and clients of different vendors. The method includes: A DRM server encrypts a first media file by using a first encryption method to obtain a first encrypted media file; the DRM server generates content protection description information of the first encrypted media file, where the content protection description information includes a content identifier and encryption method information, the content identifier identifies the first encrypted media file, and the encryption method information identifies the first encryption method; the DRM server performs first formatting on the content protection description information to generate formatted content protection data; the DRM server encapsulates the formatted content protection data to generate a content protection data packet.

Secure cloud-based system, and security application distribution method to be automatically executed therein

Described are various embodiments of a secure cloud-based system. In one such embodiment, the secure cloud-based system includes a distribution of digital network processing resources and a central digital processing environment. The central processing environment includes a secure network interface to each of said digital processing resources; a digital hardware processor; and a deployment engine operable to serially deploy a unique ephemeral machine executable code instance, via said secure network interface, to a given one of said digital processing resources to be executed thereon for a predetermined runtime period, wherein execution of each said unique ephemeral machine executable code instance is automatically terminated after said predetermined runtime period to be operatively replaced by a subsequent unique ephemeral machine executable code instance.

Controlling access to digital assets
11704389 · 2023-07-18

The apparatus disclosed herein, in various aspects, includes a digital asset, and an amulet that comprises an encrypted self-validating string. The amulet may be external to the digital asset. The apparatus may include a manager that cooperates securely with the digital asset and cooperates securely with the amulet to control access to the digital asset as specified by the amulet. In some aspects, the manager cooperates with the digital asset and with the amulet, at least in part, through shared memory in process space. In other aspects, the manager cooperates with the digital asset and with the amulet, at least in part, through a RAM drive in memory, the RAM drive at least partially hidden from an operating system of the computer. In yet other aspects, the manager cooperates with the digital asset and with the amulet, at least in part, through a virtual machine accessible only by said apparatus. The amulet, the manager, and the digital asset are either operably receivable by a computer or are operably received by the computer, in various aspects. Related methods and compositions of matter are also disclosed.

System and method for active cyberattack defense

Computing systems with dynamic architectures may be used to secure against code-injection attacks and other exploits. A system may generate multiple representations of instructions or other data associated with each of a set of configurations of the system. The system may periodically or randomly change configurations such that malicious code that is executable in one configuration cannot be executed in another configuration. A system may also detect malicious code by comparing code previously generated in one representation with different representations of the same code. If, during execution of a representation of a program code, the system determines that the representation specifies instructions that differ from other representations of the same program code, the system may stop executing the compromised program code, change its configuration, and continue to execute another representation of the program code that has not been compromised.

SYSTEMS AND METHODS FOR IMPROVING EFFICIENCY OF METADATA PROCESSING
20220398312 · 2022-12-15

Systems and methods for efficient metadata processing, for example, by resolving input patterns into binary representations ahead of time. In some embodiments, a plurality of input patterns may be identified, wherein an input pattern of the plurality of input patterns comprises a metadata label. A plurality of respective values may be selected for a plurality of variables, wherein the plurality of variables comprise a variable corresponding to the metadata label of the input pattern. A binary representation of the metadata label may be obtained based on the respective value of the variable.

Controlling processor instruction execution

Improving execution of application program instructions by receiving code having a security classification, determining that the code is untrusted according to the security classification and inserting instructions for a cache flush associated with executing the code.

Automated security policy generation for controllers

In one implementation, a method for automatically generating a security policy for a controller includes receiving, by a security policy generation system and from a controller development environment, code for a device controller; selecting middleware that enforces a security policy; analyzing the code for the device controller; based at least in part on the analyzing, automatically generating the security policy; and providing the selected middleware along with the generated security policy.