Abstract: A computer-implemented method comprises accessing, by a networking hardware device, identity awareness data for a plurality of client computing devices and device security policies of a plurality of IoT computing devices from at least one distributed data repository; authenticating, by the networking hardware device, a client computing device requesting access to at least one Internet of Things (IoT) computing device, based on the accessed identity awareness data; establishing, at the networking hardware device, firewall rules based on the accessed device security policies; creating, by the networking hardware device, a session for the authenticated client computing device to communicate with the at least one IoT computing device, wherein creating a session comprises posting information relating to the session as authentication session information to the at least one distributed data repository.

Abstract: In an embodiment, a computer-implemented method comprising: posting, by a broker computing device, device control data to a distributed datastore including distributed ledger and blockchain, wherein the device control data is collected at a plurality of directory services in a federation; receiving, at a computing hardware device, the device control data from the distributed datastore; using, by the computing hardware device, the device control data received from the distributed datastore, remotely managing user accounts and access control and security policies on at least one networked device.

Abstract: In an embodiment, a computer-implemented method comprises receiving, by at least one broker computing devices, identity awareness data from a plurality of directory services in a federation; posting, by the at least one broker computing device, the identity awareness data to a distributed data repository; establishing, at a networking hardware device having a first type, firewall rules using the identity awareness data from the distributed data repository; controlling, by the networking hardware device having the first type, network traffic based on the identity awareness data.

Abstract: A computer-implemented method comprises accessing, by a networking hardware device, identity awareness data for a plurality of client computing devices and device security policies of a plurality of IoT computing devices from at least one distributed data repository; authenticating, by the networking hardware device, a client computing device requesting access to at least one Internet of Things (IoT) computing device, based on the accessed identity awareness data; establishing, at the networking hardware device, firewall rules based on the accessed device security policies; creating, by the networking hardware device, a session for the authenticated client computing device to communicate with the at least one IoT computing device, wherein creating a session comprises posting information relating to the session as authentication session information to the at least one distributed data repository.

Abstract: In an embodiment, a computer-implemented method comprises receiving, by at least one broker computing devices, identity awareness data from a plurality of directory services in a federation; posting, by the at least one broker computing device, the identity awareness data to a distributed data repository; establishing, at a networking hardware device having a first type, firewall rules using the identity awareness data from the distributed data repository; controlling, by the networking hardware device having the first type, network traffic based on the identity awareness data.

Abstract: A computer-implemented method provides an improvement in security breach detection and comprises calculating, using a gateway computing device, a current digital fingerprint of a computing device based on current security service data of the computing device; conducting, using the gateway computing device, a real-time health check of the computing device based on an initial digital fingerprint stored in a distributed data repository, wherein the initial digital fingerprint is based on an initial security service data of the computing device; and in response to the real-time health check of the computing device, determining, using the gateway computing device, whether to restore the computing device with configurations consistent with the initial digital fingerprint stored in the distributed data repository.

Abstract: In an embodiment, a computer-implemented method comprising: posting, by a broker computing device, device control data to a distributed datastore including distributed ledger and blockchain, wherein the device control data is collected at a plurality of directory services in a federation; receiving, at a computing hardware device, the device control data from the distributed datastore; using, by the computing hardware device, the device control data received from the distributed datastore, remotely managing user accounts and access control and security policies on at least one networked device.

Abstract: A computer-implemented method provides an improvement in security breach detection and comprises using a broker computing device, sending an initial digital fingerprint of a computing device out-of-band for storing in a distributed data repository, wherein the initial digital fingerprint is based on initial security service data of the computing device; using a gateway computing device, remotely calculating a current digital fingerprint of the computing device based on current security service data of the computing device; using the gateway computing device, conducting a real-time out-of-band health check of the computing device based, at least in part, on the initial digital fingerprint stored in the distributed data repository; and using the gateway computing device, in response to conducting the real-time out-of-band health check, determining whether to restore the computing device with configurations consistent with the initial digital fingerprint stored in the distributed data repository.

Abstract: In an embodiment, a computer-implemented data security method comprises: using a first computing device, generating a plurality of encrypted shares from a plurality of shares of hidden security service data by using a separate public key from a plurality of public keys that correspond to a plurality of second computing devices; using a requesting second computing device, accessing and decrypting a first encrypted share of the plurality of encrypted shares using a first private key corresponding to the requesting second computing device to generate a first portion of the hidden security service data; using an available second computing device, decrypting a second encrypted share of the plurality of encrypted shares using a second private key corresponding to the available second computing device to generate a decrypted share; using the available second computing device, re-encrypting the decrypted share using a public key corresponding to the requesting second computing device to generate a re-encrypted share

Abstract: A computer-implemented method comprises posting, by a broker computing device, identity awareness data for a plurality of client computing devices to a distributed data repository (DDP); receiving, by a networking hardware device, the identity awareness data from the DDP; using, by the networking hardware device, the identity awareness data from the DDP to authenticate a client computing device requesting access to at least one Internet of Things (IoT) computing device; in response to authenticating the client computing device, creating, by the networking hardware device, a session for the client computing device to communicate with the at least one IoT computing device, wherein creating a session comprises: opening a port on the networking hardware device, wherein communication between the client computing device and the at least one IoT computing device is through the port; posting information relating to the session as authentication session information to the DDP.

Abstract: A computer-implemented method provides an improvement in security breach detection and comprises calculating a digital fingerprint based on security service data of a computing device, and sending the fingerprint out-of-band for storing in a data repository; generating encrypted current security service data from the computing device and sending the encrypted current security service data out-of-band to a gateway computing device; using the gateway computing device, receiving the encrypted current security service data out-of-band and conducting a real-time out-of-band health check of the computing device based, at least in part, on the fingerprint that is stored in the data repository; and using the gateway computing device, in response to conducting the real-time out-of-band health check, determining whether to allow access to in-band communication data.

Abstract: In an embodiment, a computer-implemented data security method comprises: using a first computing device, generating a plurality of encrypted shares from a plurality of shares of hidden security service data by using a separate public key from a plurality of public keys that correspond to a plurality of second computing devices; using a requesting second computing device, accessing and decrypting a first encrypted share of the plurality of encrypted shares using a first private key corresponding to the requesting second computing device to generate a first portion of the hidden security service data; using an available second computing device, decrypting a second encrypted share of the plurality of encrypted shares using a second private key corresponding to the available second computing device to generate a decrypted share; using the available second computing device, re-encrypting the decrypted share using a public key corresponding to the requesting second computing device to generate a re-encrypted share

Abstract: In an embodiment, a computer-implemented method comprises receiving, at multiple broker computing devices, device control data from a plurality of directory services in a federation; posting, by the broker computing devices, the device control data to a distributed datastore including distributed ledger and blockchain; receiving, at a computing hardware device, the device control data from the distributed datastore; in response to receiving the device control data from the distributed datastore, remotely managing, by the computing hardware device, user accounts and access control and security policies on at least one networked device.

Abstract: Secure enrollment of devices into computer networks is improved by a method that comprises receiving a first set of security data for computing devices from a vendor computing device and a second set of security data from a partner computing device and storing the first and second set of security data in a data repository; issuing a first authentication challenge to the computing devices, wherein the challenge is based on the first set and the second set of device security data; receiving a first authentication response from the computing devices and cross-referencing the first authentication response with the first set and the second set of device security data; receiving a second authentication challenge from the computing devices, wherein the second authentication challenge is based on the first set of security data; and issuing a second authentication response to the computing devices and determining whether to enroll the computing devices.

Abstract: A computer-implemented method provides an improvement in security breach detection and comprises using a broker computing device, calculating a digital fingerprint of a computing device based on security service data of the computing device, and sending the fingerprint out-of-band for storing in a data repository; using an agent computing device, encrypting current security service data of the computing device to generate encrypted current security service data and sending the encrypted current security service data out-of-band to a gateway computing device; using the gateway computing device, receiving the encrypted current security service data out-of-band and conducting a real-time out-of-band health check of the computing device based, at least in part, on the fingerprint that is stored in the data repository; and using the gateway computing device, in response to conducting the real-time out-of-band health check, determining whether to allow access to in-band communication data.

Abstract: In an embodiment, a computer-implemented data security method comprises: at a first computing device, receiving security service data from a first digital data repository; using the first computing device, generating hidden security service data by generating a plurality of shares of the security service data; using the first computing device, encrypting each share of the plurality of shares using a separate public key from among a plurality of public keys corresponding to each of a plurality of second computing devices, to generate a plurality of encrypted shares; electronically storing the plurality of encrypted shares as data in a second digital data repository; using a subset of the plurality of second computing devices, in response to receiving an authentication request from a third computing device to access one or more fourth computing devices, decrypting a subset of the plurality of encrypted shares using a subset of separate private keys corresponding to each of the subset of the plurality of second

Abstract: An apparatus and method of determining coverage of a wireless network is disclosed. The method includes traveling to multiple locations around access points of the wireless network, and for a plurality of client applications, measuring a performance parameter between a test client device and nodes of the wireless network, at a plurality of the multiple locations.

Abstract: An apparatus and method of determining coverage of a wireless network is disclosed. The method includes traveling to multiple locations around access points of the wireless network, and for a plurality of client applications, measuring a performance parameter between a test client device and nodes of the wireless network, at a plurality of the multiple locations.

Abstract: An apparatus and method of a method of an access point determining whether to transmit a response to a client device probe request is disclosed. The method includes the access point receiving a probe request from a client device. The access point determines a quality of a link between the access point and the client device based on the probe request. The access point sets a delay time for transmitting a probe response to the probe request depending upon the quality of the link.

Abstract: An apparatus and method of determining coverage of a wireless network is disclosed. The method includes traveling to multiple locations around access points of the wireless network, and for a plurality of client applications, measuring a performance parameter between a test client device and nodes of the wireless network, at a plurality of the multiple locations.