Abstract: A data processing system is provided that includes applications, databases, encryption engines, and decryption engines. Encryption and decryption engines may be used to perform format-preserving encryption on data strings stored in a database. Applications may be used to embed information in data strings. Information may be embedded by using a character set that is larger than a character set being used by a data string. A data string may be converted into a larger character set, analogous to converting a number from a lower base to higher base. Such a conversion may shorten a data string, allowing information to be embedded as appended characters.

Abstract: A system that supports cryptographic web services is provided. A program running on program computing equipment may call a local cryptographic function. A web services interface such as a simple object access protocol interface on the program computing equipment makes a corresponding remote cryptographic function call to a web services interface such as a simple object access protocol interface at a cryptographic web service over a communications network such as the internet. At the cryptographic web service, a cryptographic engine implements cryptographic operations such as encryption and decryption operations. After successful authentication of the calling program, the cryptographic engine produces results for the remotely cryptographic function and returns the results to the program over the communications network.

Abstract: First and second controllers implemented on computing equipment may be used to control switches in a network. The switches may forward network packets between end hosts. The second controller may identify first and second redundant partitions of switches in the network that are each coupled to all of the end hosts. The first controller may instruct the first partition to install software while the second partition forwards network traffic and may instruct the second partition to install software while the first partition forwards network traffic. The first controller may install the software while the second controller is active and the second controller may install the software while the first controller is active. In this way, the switches and controllers may be provided with an uninterrupted software upgrade and packets may be forwarded between end hosts during the software upgrade without introducing packet loss or other noticeable reductions in network performance.

Abstract: A network of switches that forwards network packets between end hosts may be controlled by a controller. The controller may maintain information that identifies subsets of the end hosts that are associated with respective broadcast domains. The controller may configure the switches in the network to identify broadcast network packets and to forward the broadcast network packets to the controller. The controller may identify which broadcast domain is associated with a received broadcast network packet based on information such as source information retrieved from the broadcast network packet. The controller may identify switches that are coupled to the end hosts of a broadcast domain associated with the received broadcast network packet. The controller may forward the broadcast network packet to the identified switches through network control paths and may direct the identified switches to forward the broadcast network packet to end hosts of the associated broadcast domain.

Abstract: First and second controllers implemented on computing equipment may be used to control switches in a network. The switches may forward network packets between end hosts. The second controller may identify first and second redundant partitions of switches in the network that are each coupled to all of the end hosts. The first controller may instruct the first partition to install software while the second partition forwards network traffic and may instruct the second partition to install software while the first partition forwards network traffic. The first controller may install the software while the second controller is active and the second controller may install the software while the first controller is active. In this way, the switches and controllers may be provided with an uninterrupted software upgrade and packets may be forwarded between end hosts during the software upgrade without introducing packet loss or other noticeable reductions in network performance.

Abstract: A system that supports cryptographic web services is provided. A program running on program computing equipment may call a local cryptographic function. A web services interface such as a simple object access protocol interface on the program computing equipment makes a corresponding remote cryptographic function call to a web services interface such as a simple object access protocol interface at a cryptographic web service over a communications network such as the internet. At the cryptographic web service, a cryptographic engine implements cryptographic operations such as encryption and decryption operations. After successful authentication of the calling program, the cryptographic engine produces results for the remotely cryptographic function and returns the results to the program over the communications network.

Abstract: A data processing system is provided that includes applications, databases, encryption engines, and decryption engines. Encryption and decryption engines may be used to perform format-preserving encryption on data strings stored in a database. Applications may be used to embed information in data strings. Information may be embedded by using a character set that is larger than a character set being used by a data string. A data string may be converted into a larger character set, analogous to converting a number from a lower base to higher base. Such a conversion may shorten a data string, allowing information to be embedded as appended characters.

Abstract: A network of switches that forwards network packets between end hosts may be controlled by a controller. The controller may maintain information that identifies subsets of the end hosts that are associated with respective broadcast domains. The controller may use network topology information to determine which of the switches are coupled in a forwarding tree formed from network paths between the end hosts of a broadcast domain. The controller may be used to configure the switches with an identifier that identifies which broadcast domain is associated with each subset of end hosts. The controller may configure switches of a given forwarding tree that are coupled to end hosts of an associated broadcast domain to modify broadcast network packets received from the end hosts with the identifier and to forward the modified broadcast network packets along the forwarding tree exclusively to end hosts of the associated broadcast domain.

Abstract: A data processing system is provided that includes applications, databases, encryption engines, and decryption engines. Encryption and decryption engines may be used to perform format-preserving encryption on data strings stored in a database. Applications may be used to embed information in data strings. Information may be embedded by using a character set that is larger than a character set being used by a data string. A data string may be converted into a larger character set, analogous to converting a number from a lower base to higher base. Such a conversion may shorten a data string, allowing information to be embedded as appended characters.

Abstract: Network switches that are controlled by a controller server may contain ports through which network packets are received and forwarded. An architect may configure the controller server to create virtual switches. Each virtual switch may be formed from a subset of the ports of the network switches. The architect may assign administrators to the virtual switches. The administrators may configure the virtual switches. An administrator may use a command line interface to configure a virtual switch. The administrator may use commands such as a show port command, an access list command, a show access list command, and a membership rule command to manage the virtual switch. The controller server may prevent the administrator from logging on to virtual switches that have been assigned to other administrators.

Abstract: Network switches that are controlled by a controller server may contain ports through which network packets are received and forwarded. An architect may configure the controller server to create virtual switches. Each virtual switch may be formed from a subset of the ports of the network switches. The architect may assign administrators to the virtual switches. The administrators may configure the virtual switches. An administrator may use a command line interface to configure a virtual switch. The administrator may use commands such as a show port command, an access list command, a show access list command, and a membership rule command to manage the virtual switch. The controller server may prevent the administrator from logging on to virtual switches that have been assigned to other administrators.

Abstract: A data processing system is provided that includes applications, databases, encryption engines, and decryption engines. Encryption and decryption engines may be used to perform format-preserving encryption on data strings stored in a database. Applications may be used to embed information in data strings. Information may be embedded by using a character set that is larger than a character set being used by a data string. A data string may be converted into a larger character set, analogous to converting a number from a lower base to higher base. Such a conversion may shorten a data string, allowing information to be embedded as appended characters.

Abstract: A system that supports cryptographic web services is provided. A program running on program computing equipment may call a local cryptographic function. A web services interface such as a simple object access protocol interface on the program computing equipment makes a corresponding remote cryptographic function call to a web services interface such as a simple object access protocol interface at a cryptographic web service over a communications network such as the internet. At the cryptographic web service, a cryptographic engine implements cryptographic operations such as encryption and decryption operations. After successful authentication of the calling program, the cryptographic engine produces results for the remotely cryptographic function and returns the results to the program over the communications network.