
NIST RBAC Patents

NOTE: When clicking the link for any RBAC patent, you will be leaving the RBAC website and the NIST web server.

NIST RBAC Patents | Patents Referencing NIST RBAC Patents | Patents Referencing NIST RBAC Research

Implementation of Role Based Access Control in Multi-level Secure Systems (Kuhn) U.S. Patent #6,023,765. HTML

114 patents cite NIST RBAC patents as of 6 June 08

IBM: US Patent #6,381,579, "System and method to provide secure navigation to resources on the internet" (Gervais, et al., 2002).

Microsoft: US Patent #6,014,666, "Declarative and Programmatic Access Control of Component-Based Server Applications Using Roles" (Helland, et al., 2000).

"Workflow Management Employing Role-Based Access Control" (Barkley). U.S. Patent #6,088,679, HTML

IBM: US Patent #6,438,549, "Method for storing sparse hierarchical data in a relational database" (Aldred, et al., 2002).

Microsoft: US Patent #6,301,601, "Disabling and enabling transaction committal in transactional application components" (Helland, et al., 2001).

A Method for Visualizing and Managing Role-Based Policies on Identity-Based Systems (Ferraiolo & Gavrila) (pending)

Microsoft: US Patent #6,412,070, "Extensible security system and method for controlling access to objects in a computing environment" (Van Dyke, et al., 2002).

Microsoft: US Patent #6,385,724, "Automatic object caller chain with declarative impersonation and transitive trust" (Beckman, et al., 2002).

"Implementation of Role/Group Permission Association Using Object Access Type" (Barkley, Cincotta). US Patent #6,202,066 HTML

Microsoft: US Patent #6,466,932, "System and method for implementing group policy" (Dennis, et al., 2002).

Microsoft: US Patent #6,425,017, "Queued method invocations on distributed component applications" (Dievendorff, et al., 2002).

For information on licensing NIST inventions, click here

Unisys: US Patent #6,401,100, "Method for associating classes contained in the same or different models" (Gladieux, 2002).

Microsoft: US Patent #6,442,620, "Environment extensibility and automatic services for component applications using contexts, policies and activators" (Thatte, et al., 2002).

 

Electronic Data Systems: US Patent #6,430,549, "System and method for selectivety defining access to application features" (Gershfield, et al., 2002).

Microsoft: US Patent #6,473,791, "Object load balancing" (Al-Ghosein, et al., 2002).

 

Entrust, Inc.: US Patent #6,453,353, "Role-based navigation of information resources" (Win, et al., 2002).

Microsoft: US Patent #6,487,665, "Object Security Boundaries" (Andrews et al., 2002)

 

Secure Computing Corp.: US Patent #6,357,010, "System and method for controlling access to documents stored on an internal network" (Viets, et al., 2002).

Microsoft: US Patent #6,574,736, "Composable Roles", (Andrews, 2003)

 

Argus: US Patent #6,289,462, "Trusted compartmentalized computer operating system" (McNabb, et al., 2001).

Microsoft: US Patent #6,604,198, "Automatic object caller chain with declarative impersonation and transitive trust" (Beckman, et al., 2003)

 

Epicentric, Inc.: US Patent #6,327,628, "Portal server that provides a customizable user Interface for access to computer networks" (Anuff, et al., 2001).

Microsoft: US Patent #6,606,711, "Object Security Boundaries" (Andrews et al., 2003)

 

Accenture LLP: US Patent #6,442,748, "System, method and article of manufacture for a persistent state and persistent object separator in an information services patterns environment" (Bowman-Amuah, 2002).

Microsoft: US Patent # 6,678,696 "Transaction processing of distributed objects with declarative transactional attributes", (Helland, et al., 2004)

 

US Patent #6,445,968, "Task manager" (Jalla, 2002).

Microsoft: US Patent #6,714,962, "Multi-user server application architecture with single-user object tier" (Helland, et al., 2004)

 

American Management Systems: US Patent #6,606,740, Development framework for case and workflow systems (Lynn, et al., 2003)

Microsoft: US Patent # 6,748,555. "Object based software management", (Teegan, et al., 2004)

 

E-Talk: US Patent #6,615,182 System and method for defining the organizational structure of an enterprise in a performance evaluation system, (Powers et al., 2003)

BEA Systems, Inc. US Patent # 6,754,884 "Programming language extensions for processing XML objects and related applications" (Lucas, et al., 2004)

 

Microsoft: US Patent #6,466,932, System and method for implementing group policy (Dennis, et al., 2003)

Sun Microsystems: US Patent #6,768,988, "Method and system for incorporating filtered roles in a directory system" (Boreham, et al., 2004)

 

Xerox: US Patent # 6,535,884, System, method and article of manufacture for providing an attribute system with primitive support of dynamic and evolvable roles in support of fluid and integrative application development

Sun Microsystems: US Patent #6,785,686, "Method and system for creating and utilizing managed roles in a directory system" (Boreham, et al., 2004)

 

Electronic Data Systems: US Patent # 6,578,029, System and method for selectively defining access to application features, (Gershfield et al., 2003)

Microsoft: US Patent # 6,813,769. "Server application components with control over state duration", (Limprecht, et al., 2004)

 

IBM: US Patent # 6,594,661, Method and system for controlling access to a source application (Tagg, 2003)

BEA Systems: US Patent #6,859,810, "Declarative specification and engine for non-isomorphic data mapping" (Andrei, et al., 2005)

 

Secure Computing Corp: US Patent # 6,640,307, System and method for controlling access to documents stored on an internal network, (Viets, et al., 2003)

IBM: US Patent # 6,871,232, Method and system for third party resource provisioning management (Curie et al., 2005)

 

IBM: US Patent #6,947,989, "System and method for provisioning resources to users based on policies, roles, organizational information, and attributes" (Gullotta, et al., 2005)

BEA Systems: US Patent #6,918,107 (Lucas, et al., 2005) Programming language extensions for processing data representation language objects and related applications

 

IBM: US Patent #6,950,825, Fine grained role-based access to system resources (Chang, et al., 2005)

Intertrust Technologies Corporation: US Patent #6,938,021 (Shear et al., 2005) Methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information

 

IBM: US Patent #6,985,955, System and method for provisioning resources to users based on roles, organizational information, attributes and third-party information or authorizations (Gullotta, et al., 2006)

Intertrust Technologies Corporation: US Patent #6,948,070 (Ginter, et al., 2005) Systems and methods for secure transaction management and electronic rights protection

 

Hewlett-Packard: US Patent #7,076,655 Multiple trusted computing environments with verifiable environment identities (Griffin et al., 2006)

George Mason U.: US Patent #6,985,953 (Sandhu, et al., 2006) System and apparatus for storage and transfer of secure data on web

 

Hewlett-Packard: US Patent #7,093,125  Role based tool delegation. (Robb et al., 2006)

Voltage Security: US Patent # 7,003,117 (Kacker, et al., 2006) Identity-based encryption system for secure data distribution

 

Bradee: US Patent #7,131,000 Computer security system (Bradee, 2006)

IBM: US Patent # 7,020,667, System and method for data retrieval and collection in a structured format (Curie et al., 2006)

 

Hewlett-Packard US Patent #7,159,210  Performing secure and insecure computing operations in a compartmented operating system  (Griffin, Dalton, 2007)

SAP: US Patent #7,031,787, Change management (Kalthoff, et al., 2006)

 

Harris Interactive: US Patent #7,171,567 System for protecting information over the internet  (Bayer, Mathias, Frost, 2007)

Microsoft: US Patent #7,043,733 Server application components with control over state duration (Limprecht, et al., 2006)

 

Felsher: US Patent #7,181,017 System and method for secure three-party communications  (Nagel, Felsher, Hoffberg, 2007)

Microsoft: US Patent #7,043,734 Component self-deactivation while client holds a returned reference (Limprecht, et al., 2006)

 

Unisys: US Patent #7,219,234 System and method for managing access rights and privileges in a data processing system (Ashland, Clouse, 2007)

Intertrust: US Patent #7,051,212 Systems and methods for secure transaction management and electronic rights protection (Ginter et al., 2006)

 

Matsushita: US Patent #7,243,235  Mandatory access control (MAC) method (Guo, Johnson, Park, 2007)

Intertrust: US Patent #7,62,500 Techniques for defining, using, and manipulating rights management infrastructures (Hall et al., 2006)

 

Microsoft: US Patent #7,284,271 Authorizing a requesting entity to operate upon data structures (Lucovsky et al., 2007)

Microsoft: US Patent #7,062,770 Recycling components after self-deactivation (Limprecht, et al., 2006)

 

IBM: US Patent #7,302,569 Implementation and use of a PII data access control facility employing identifying information labels and purpose serving functions sets (Betz et al., 2007)

Intertrust: US Patent #7,069,451 Systems and methods for secure transaction management and electronic rights protection (Ginter et al., 2006)

 

Hewlett-Packard US Patent #7,302,585 System for providing a trustworthy user interface (Proudler et al., 2007)

Intertrust: US Patent #7,076,652 Systems and methods for secure transaction management and electronic rights protection (Ginter et al., 2006)

 

Hewlett-Packard US Patent #7,302,698 Operation of trusted state in computing platform (Proudler, Chan, 2007)

Harris: US Patent #7,302,708 Enforcing computer security utilizing an adaptive lattice mechanism (Kovarik, 2007)

SAP: US Patent #7,308,704 Data structure for access control (Vogel, Drittler, Kupke, 2007)

Oracle: US Patent #7,315,859 Method and apparatus for management of encrypted data through role separation (Samar, 2008)

SAP: US Patent #7,350,237 Managing access control information (Vogel, Drittler, Kupke, 2007)

IBM: US Patent #7,365,695 Multi-level security systems (LiVecchi, 2008)

IBM: US Patent #7,370,366 Data management system and method (LiVecchi, Perez, Shub, 2008)

Hewlett-Packard US Patent #7,376,974 Apparatus and method for creating a trusted environment (Proudler et al., 2008)

Microsoft: US Patent #7,076,784 Software component execution management using context objects for tracking externally-defined intrinsic properties of executing software components within an execution environment (Russell, et al., 2006)

Novell: US Patent #7,130,880 System and method for sharing files via a user internet file system (Bruton, Mitchell, 2006)

Microsoft: US Patent #7,165,104  Method and apparatus for managing computing devices on a network (Wang, 2007)

IBM: US Patent #7,216,125  Methods and apparatus for pre-filtered access control in computing systems (Goodwin, 2007)

Microsoft: US Patent #7,240,244 Object-based software management. (Teegan, Matsumoto, 2007)

Microsoft: US Patent #7,243,271 Wrapped object for observing object events (Teegan, Matsumoto, 2007)

Electronic Data Systems: US Patent #6,055,637 System and method for accessing enterprise-wide resources by presenting to the resource a temporary credential (Hudson et al., 2000)