Abstract: In an embodiment, a computer-implemented method comprising: posting, by a broker computing device, device control data to a distributed datastore including distributed ledger and blockchain, wherein the device control data is collected at a plurality of directory services in a federation; receiving, at a computing hardware device, the device control data from the distributed datastore; using, by the computing hardware device, the device control data received from the distributed datastore, remotely managing user accounts and access control and security policies on at least one networked device.

Abstract: In an embodiment, a computer-implemented method comprises receiving, by at least one broker computing devices, identity awareness data from a plurality of directory services in a federation; posting, by the at least one broker computing device, the identity awareness data to a distributed data repository; establishing, at a networking hardware device having a first type, firewall rules using the identity awareness data from the distributed data repository; controlling, by the networking hardware device having the first type, network traffic based on the identity awareness data.

Abstract: In an embodiment, a computer-implemented method comprises, receiving an authentication request from a first computing device; in response to receiving the authentication request from the first computing device, performing one or more authentication services on behalf of a second computing device using identity information that is stored in a first data repository; generating, based on data from an access control list maintained at the second computing device, a list of one or more third computing devices; receiving a request from the first computing device to access a third computing device in the list of one or more third computing devices; generating service identity information for authenticating to the third computing device and storing the service identity information in a second data repository; and performing one or more authentication services on behalf of the first computing device using the service identity information that is stored in the second data repository.

Abstract: In an embodiment, a computer-implemented method comprises receiving, by at least one broker computing devices, identity awareness data from a plurality of directory services in a federation; posting, by the at least one broker computing device, the identity awareness data to a distributed data repository; establishing, at a networking hardware device having a first type, firewall rules using the identity awareness data from the distributed data repository; controlling, by the networking hardware device having the first type, network traffic based on the identity awareness data.

Abstract: A computer-implemented method provides an improvement in security breach detection and comprises calculating, using a gateway computing device, a current digital fingerprint of a computing device based on current security service data of the computing device; conducting, using the gateway computing device, a real-time health check of the computing device based on an initial digital fingerprint stored in a distributed data repository, wherein the initial digital fingerprint is based on an initial security service data of the computing device; and in response to the real-time health check of the computing device, determining, using the gateway computing device, whether to restore the computing device with configurations consistent with the initial digital fingerprint stored in the distributed data repository.

Abstract: In an embodiment, a computer-implemented method comprising: posting, by a broker computing device, device control data to a distributed datastore including distributed ledger and blockchain, wherein the device control data is collected at a plurality of directory services in a federation; receiving, at a computing hardware device, the device control data from the distributed datastore; using, by the computing hardware device, the device control data received from the distributed datastore, remotely managing user accounts and access control and security policies on at least one networked device.

Abstract: In an embodiment, a computer-implemented method comprises, receiving, at a first server, a plurality of certificates and an inventory list and storing the plurality of certificates and the inventory list in a blockchain; receiving, at a second server associated with the blockchain, a validation request from a device and validating the device; in response to validating the device, receiving, at the second server, a certificate request from the device and verifying the certificate request against the inventory list stored in the blockchain; and in response to verifying the certificate request, enrolling the device by sending a certificate from the plurality of certificates stored in the blockchain to the device.

Abstract: A computer-implemented method provides an improvement in security breach detection and comprises using a broker computing device, sending an initial digital fingerprint of a computing device out-of-band for storing in a distributed data repository, wherein the initial digital fingerprint is based on initial security service data of the computing device; using a gateway computing device, remotely calculating a current digital fingerprint of the computing device based on current security service data of the computing device; using the gateway computing device, conducting a real-time out-of-band health check of the computing device based, at least in part, on the initial digital fingerprint stored in the distributed data repository; and using the gateway computing device, in response to conducting the real-time out-of-band health check, determining whether to restore the computing device with configurations consistent with the initial digital fingerprint stored in the distributed data repository.

Abstract: A computer-implemented method provides an improvement in security breach detection and comprises calculating a digital fingerprint based on security service data of a computing device, and sending the fingerprint out-of-band for storing in a data repository; generating encrypted current security service data from the computing device and sending the encrypted current security service data out-of-band to a gateway computing device; using the gateway computing device, receiving the encrypted current security service data out-of-band and conducting a real-time out-of-band health check of the computing device based, at least in part, on the fingerprint that is stored in the data repository; and using the gateway computing device, in response to conducting the real-time out-of-band health check, determining whether to allow access to in-band communication data.

Abstract: In an embodiment, a computer-implemented method comprises: in response to receiving a first authentication request from one or more first computing devices, authenticating the first computing devices on behalf of a first client device using a first set of identity information; in response to authenticating the first computing devices, generating and queuing a first set of one or more transactions corresponding to at least one of the one or more first computing devices; in response to receiving a second authentication request from the first client device configured to access the first set of one or more transactions, authenticating the first client device on behalf of a second computing device using a second set of identity information that is associated with the first client device; in response to performing the second authentication service, encrypting and sending the first set of one or more transactions to the first client device.

Abstract: In an embodiment, a computer-implemented method comprises, receiving an authentication request from a first computing device; in response to receiving the authentication request from the first computing device, performing one or more authentication services on behalf of a second computing device using identity information that is stored in a first data repository; generating, based on data from an access control list maintained at the second computing device, a list of one or more third computing devices; receiving a request from the first computing device to access a third computing device in the list of one or more third computing devices; generating service identity information for authenticating to the third computing device and storing the service identity information in a second data repository; and performing one or more authentication services on behalf of the first computing device using the service identity information that is stored in the second data repository.

Abstract: In an embodiment, a computer-implemented method comprises, receiving, at a first server, a plurality of certificates and an inventory list and storing the plurality of certificates and the inventory list in a blockchain; receiving, at a second server associated with the blockchain, a validation request from a device and validating the device; in response to validating the device, receiving, at the second server, a certificate request from the device and verifying the certificate request against the inventory list stored in the blockchain; and in response to verifying the certificate request, enrolling the device by sending a certificate from the plurality of certificates stored in the blockchain to the device.

Abstract: In an embodiment, a computer-implemented method comprises: in response to receiving a first authentication request from one or more first computing devices, authenticating the first computing devices on behalf of a first client device using a first set of identity information; in response to authenticating the first computing devices, generating and queuing a first set of one or more transactions corresponding to at least one of the one or more first computing devices; in response to receiving a second authentication request from the first client device configured to access the first set of one or more transactions, authenticating the first client device on behalf of a second computing device using a second set of identity information that is associated with the first client device; in response to performing the second authentication service, encrypting and sending the first set of one or more transactions to the first client device.

Abstract: In an embodiment, a computer-implemented method comprises receiving, at multiple broker computing devices, device control data from a plurality of directory services in a federation; posting, by the broker computing devices, the device control data to a distributed datastore including distributed ledger and blockchain; receiving, at a computing hardware device, the device control data from the distributed datastore; in response to receiving the device control data from the distributed datastore, remotely managing, by the computing hardware device, user accounts and access control and security policies on at least one networked device.

Abstract: Secure enrollment of devices into computer networks is improved by a method that comprises receiving a first set of security data for computing devices from a vendor computing device and a second set of security data from a partner computing device and storing the first and second set of security data in a data repository; issuing a first authentication challenge to the computing devices, wherein the challenge is based on the first set and the second set of device security data; receiving a first authentication response from the computing devices and cross-referencing the first authentication response with the first set and the second set of device security data; receiving a second authentication challenge from the computing devices, wherein the second authentication challenge is based on the first set of security data; and issuing a second authentication response to the computing devices and determining whether to enroll the computing devices.

Abstract: In an embodiment, a computer-implemented method comprises receiving a first authentication request from one or more first computing devices; in response to receiving the first authentication request, performing a first authentication service for the one or more first computing devices on behalf of a second computing device using a first set of identity information; in response to performing the first authentication service, generating and queuing a first set of one or more transactions corresponding to at least one of the one or more first computing devices; receiving a second authentication request from the second computing device configured to access the first set of one or more transactions; in response to receiving the second authentication request, performing a second authentication service for the second computing device on behalf of a third computing device using a second set of identity information; in response to performing the second authentication service, encrypting and sending the first set of on

Abstract: A computer-implemented method provides an improvement in security breach detection and comprises using a broker computing device, calculating a digital fingerprint of a computing device based on security service data of the computing device, and sending the fingerprint out-of-band for storing in a data repository; using an agent computing device, encrypting current security service data of the computing device to generate encrypted current security service data and sending the encrypted current security service data out-of-band to a gateway computing device; using the gateway computing device, receiving the encrypted current security service data out-of-band and conducting a real-time out-of-band health check of the computing device based, at least in part, on the fingerprint that is stored in the data repository; and using the gateway computing device, in response to conducting the real-time out-of-band health check, determining whether to allow access to in-band communication data.