Abstract: In an embodiment, a computer implemented method comprises accessing, from a first data repository, identity information associated with one or more protected computing devices; creating mapped identity information by encrypting and mapping the identity information according to a different identity data format that is compatible with the one or more protected computing devices; updating stored blockchain data using the mapped identity information; storing the mapped identity information from the blockchain data in a second data repository; generating decrypted identity information from the mapped identity information stored in the second data repository; and performing one or more authentication services for a client device on behalf of the one or more protected computing devices by using the mapped identity information in the second data repository; wherein the method is performed by one or more computing devices.

Abstract: In an embodiment, a computer-implemented method comprising: posting, by a broker computing device, device control data to a distributed datastore including distributed ledger and blockchain, wherein the device control data is collected at a plurality of directory services in a federation; receiving, at a computing hardware device, the device control data from the distributed datastore; using, by the computing hardware device, the device control data received from the distributed datastore, remotely managing user accounts and access control and security policies on at least one networked device.

Abstract: A computer-implemented method of providing data governance as data flows within and between networks, comprising: accessing, by a second gateway computing device, data stored in a plurality of hash chains in a hierarchy of digital ledgers and written by a plurality of first gateway computing devices, wherein validity of the data stored in the plurality of hash chains has not been verified prior to writing; detecting, by the second gateway computing device, consensus of the data stored in the plurality of hash chains by comparing each of the plurality of hash chains to all other hash chains of the plurality of hash chains to determine whether the hash chains are cryptographically consistent; in response to detecting consensus of the data stored in the hash chains, updating, by the second gateway computing device, stored blockchain data using the data stored in the plurality of hash chains.

Abstract: In an embodiment, a computer implemented method comprises, using a first server, detecting one or more changes to identity information that is stored in a first data repository; using the first server, in response to detecting the one or more changes to the identity information, mapping the identity information according to a different identity data format that is compatible with one or more protected computing devices, to result in creating mapped identity information; using the first server, updating stored blockchain data using the mapped identity information; using a second server, detecting mapped identity information updates to the blockchain data; using the second server, in response to detecting the mapped identity information updates, transferring the mapped identity information updates to a second data repository; and using the second server, performing one or more authentication services on behalf of one or more of the protected computing devices, using the mapped identity information updates in th

Abstract: In an embodiment, a computer-implemented method comprises receiving a first authentication request from one or more first computing devices; in response to receiving the first authentication request, performing a first authentication service for the one or more first computing devices on behalf of a second computing device using a first set of identity information; in response to performing the first authentication service, generating and queuing a first set of one or more transactions corresponding to at least one of the one or more first computing devices; receiving a second authentication request from the second computing device configured to access the first set of one or more transactions; in response to receiving the second authentication request, performing a second authentication service for the second computing device on behalf of a third computing device using a second set of identity information; in response to performing the second authentication service, encrypting and sending the first set of on

Abstract: In an embodiment, a computer-implemented data security method comprises: at a first computing device, receiving security service data from a first digital data repository; using the first computing device, generating hidden security service data by generating a plurality of shares of the security service data; using the first computing device, encrypting each share of the plurality of shares using a separate public key from among a plurality of public keys corresponding to each of a plurality of second computing devices, to generate a plurality of encrypted shares; electronically storing the plurality of encrypted shares as data in a second digital data repository; using a subset of the plurality of second computing devices, in response to receiving an authentication request from a third computing device to access one or more fourth computing devices, decrypting a subset of the plurality of encrypted shares using a subset of separate private keys corresponding to each of the subset of the plurality of second

Abstract: A computer-implemented method provides an improvement in security breach detection and comprises using a broker computing device, calculating a digital fingerprint of a computing device based on security service data of the computing device, and sending the fingerprint out-of-band for storing in a data repository; using an agent computing device, encrypting current security service data of the computing device to generate encrypted current security service data and sending the encrypted current security service data out-of-band to a gateway computing device; using the gateway computing device, receiving the encrypted current security service data out-of-band and conducting a real-time out-of-band health check of the computing device based, at least in part, on the fingerprint that is stored in the data repository; and using the gateway computing device, in response to conducting the real-time out-of-band health check, determining whether to allow access to in-band communication data.