NIST, Computer Security Division, Computer Security Resource Center
 RBAC book |
"A must
read." Review from IEEE Computer Society, Security & Privacy "Overall, this is a great book." Linux Journal |
 |
2002 Gold Medal for Scientific/ Engineering Achievement - US Department |
 |
1998 Excellence in Technology Transfer Award - Federal Laboratory Consortium |
 |
1998 Best Paper - Nat Inf Systems Security Conf |
nist rbac patents
NOTE: When clicking the links for each RBAC Patents, you will be leaving RBAC website and leaving NIST webserver.
| NIST RBAC Patents | Patents Referencing NIST RBAC Patents | Patents referencing NIST RBAC research |
|
Implementation of Role Based Access Control in Multi-level Secure Systems (Kuhn) U.S. Patent #6,023,765. HTML |
114 patents cite NIST RBAC patents as of 6 June 08 IBM: US Patent #6,381,579, "System and method to provide secure navigation to resources on the internet" (Gervais, et al., 2002). |
Microsoft: US Patent #6,014,666, "Declarative and Programmatic Access Control of Component-Based Server Applications Using Roles" (Helland, et al., 2000). |
|
"Workflow Management Employing Role-Based Access Control" (Barkley). U.S. Patent #6,088,679, HTML |
IBM: US Patent #6,438,549, "Method for storing sparse hierarchical data in a relational database" (Aldred, et al., 2002). |
Microsoft: US Patent #6,301,601, "Disabling and enabling transaction committal in transactional application components" (Helland, et al., 2001). |
|
A Method for Visualizing and Managing Role-Based Policies on Identity-Based Systems (Ferraiolo & Gavrila) (pending) |
Microsoft: US Patent #6,412,070, "Extensible security system and method for controlling access to objects in a computing environment" (Van Dyke, et al., 2002). |
Microsoft: US Patent #6,385,724, "Automatic object caller chain with declarative impersonation and transitive trust" (Beckman, et al., 2002). |
|
"Implementation of Role/Group Permission Association Using Object Access Type" (Barkley,Cincotta). US Patent # 6,202,066 HTML |
Microsoft: US Patent #6,466,932, "System and method for implementing group policy" (Dennis, et al., 2002). |
Microsoft: US Patent #6,425,017, "Queued method invocations on distributed component applications" (Dievendorff, et al., 2002). |
|
For information on licensing NIST inventions, click here (Office of Technology Partnerships) |
Unisys: US Patent #6,401,100, "Method for associating classes contained in the same or different models" (Gladieux, 2002). |
Microsoft: US Patent #6,442,620, "Environment extensibility and automatic services for component applications using contexts, policies and activators" (Thatte, et al., 2002). |
|
Electronic Data Systems: US Patent #6,430,549, "System and method for selectivety defining access to application features" (Gershfield, et al., 2002). |
Microsoft: US Patent #6,473,791, "Object load balancing" (Al-Ghosein, et al., 2002). |
|
|
Entrust, Inc.: US Patent #6,453,353, "Role-based navigation of information resources" (Win, et al., 2002). |
Microsoft: US Patent #6,487,665, "Object Security Boundaries" (Andrews et al., 2002) |
|
|
Secure Computing Corp.: US Patent #6,357,010, "System and method for controlling access to documents stored on an internal network" (Viets, et al., 2002). |
Microsoft: US Patent #6,574,736, "Composable Roles", (Andrews, 2003) |
|
|
Argus: US Patent #6,289,462, "Trusted compartmentalized computer operating system" (McNabb, et al., 2001). |
Microsoft: US Patent #6,604,198 "Automatic object caller chain with declarative impersonation and transitive trust" , (Beckman, et al., 2003) |
|
|
Epicentric, Inc.: US Patent #6,327,628, "Portal server that provides a customizable user Interface for access to computer networks" (Anuff, et al., 2001). |
Microsoft: US Patent #6,606,711, "Object Security Boundaries" (Andrews et al., 2003) |
|
|
Accenture LLP: US Patent #6,442,748, "System, method and article of manufacture for a persistent state and persistent object separator in an information services patterns environment" (Bowman-Amuah, 2002). |
Microsoft: US Patent # 6,678,696 "Transaction processing of distributed objects with declarative transactional attributes", (Helland, et al., 2004) |
|
|
US Patent #6,445,968, "Task manager" (Jalla, 2002). |
Microsoft: US Patent # 6,714,962 " Multi-user server application architecture with single-user object tier ", (Helland, et al., 2004) |
|
|
American Management Systems: US Patent #6,606,740, Development framework for case and workflow systems (Lynn, et al., 2003) |
Microsoft: US Patent # 6,748,555. "Object based software management", (Teegan, et al., 2004) |
|
|
E-Talk: US Patent #6,615,182 System and method for defining the organizational structure of an enterprise in a performance evaluation system, (Powers et al., 2003) |
BEA Systems, Inc. US Patent # 6,754,884 "Programming language extensions for processing XML objects and related applications" (Lucas, et al., 2004) |
|
|
Microsoft: US Patent #6,466,932, System and method for implementing group policy (Dennis, et al., 2003) |
Sun Microsystems, US Patent # 6,768,988. " Method and system for incorporating filtered roles in a directory system" (Boreham, et al., 2004) |
|
|
Xerox: US Patent # 6,535,884, System, method and article of manufacture for providing an attribute system with primitive support of dynamic and evolvable roles in support of fluid and integrative application development |
Sun Microsystems, US Patent # 6,785,686. "Method and system for creating and utilizing managed roles in a directory system " (Boreham, et al., 2004) |
|
|
Electronic Data Systems: US Patent # 6,578,029, System and method for selectively defining access to application features, (Gershfield et al., 2003) |
Microsoft: US Patent # 6,813,769. "Server application components with control over state duration", (Limprecht, et al., 2004) |
|
|
IBM: US Patent # 6,594,661, Method and system for controlling access to a source application (Tagg, 2003) |
BEA Systems: US Patent # 6,859,810, "Declarative specification and engine for non-isomorphic data mapping", Andrei, et al., 2005) |
|
|
Secure Computing Corp: US Patent # 6,640,307, System and method for controlling access to documents stored on an internal network, (Viets, et al., 2003) |
IBM: US Patent # 6,871,232, Method and system for third party resource provisioning management (Curie et al., 2005) |
|
|
IBM: US Patent #6,947,989, "System and method for provisioning resources to users based on policies, roles, organizational information, and attributes. (Gullotta, et al., 2005) |
BEA Systems: US Patent # 6,918,107(Lucas , et al., 2005) Programming language extensions for processing data representation language objects and related applications |
|
|
IBM: US Patent #6,950,825, Fine grained role-based access to system resources (Chang, et al., 2005) |
Intertrust Technologies Corporation: US Patent #6,938,021 (Shear et al., 2005) Methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information |
|
|
IBM: US Patent #6,985,955, System and method for provisioning resources to users based on roles, organizational information, attributes and third-party informatino or authorizations (Gullotta, et al., 2006) |
Intertrust Technologies Corporation: US Patent #6,948,070 (Ginter, et al., 2005) Systems and methods for secure transaction management and electronic rights protection |
|
|
Hewlett-Packard: US Patent #7,076,655 Multiple trusted computing environments with verifiable environment identities (Griffin et al., 2006) |
George Mason U.: US Patent #6,985,953 (Sandhu, et al., 2006) System and apparatus for storage and transfer of secure data on web |
|
| Hewlett-Packard: US Patent #7,093,125 Role based tool delegation. (Robb et al., 2006) |
Voltage Security: US Patent # 7,003,117 (Kacker, et al., 2006) Identity-based encryption system for secure data distribution |
|
| Bradee: US Patent #7,131,000 Computer security system (Bradee, 2006) |
IBM: US Patent # 7,020,667, System and method for data retrieval and collection in a structured format (Curie et al., 2006) |
|
| Hewlett-Packard US Patent #7,159,210 Performing secure and insecure computing operations in a compartmented operating system (Griffin, Dalton, 2007) |
SAP: US Patent #7,031,787, Change management(Kalthoff, et al., 2006) |
|
| Harris Interactive: US Patent #7,171,567 System for protecting information over the internet (Bayer, Mathias, Frost, 2007) |
Microsoft: US Patent #7,043,733 Server application components with control over state duration (Limprecht, et al., 2006) |
|
| Felsher: US Patent #7,181,017 System and method for secure three-party communications (Nagel, Felsher, Hoffberg, 2007) |
Microsoft: US Patent #7,043,734 Component self-deactivation while client holds a returned reference (Limprecht, et al., 2006) |
|
| Unisys: US Patent #7,219,234 System and method for manging access rights and privileges in a data processing system (Ashland, Clouse, 2007) |
Intertrust: US Patent #7,051,212 Systems and methods for secure transaction management and electronic rights protection (Ginter et al., 2006) |
|
| Matsushita: US Patent #7,243,235 Mandatory access control (MAC) method (Guo, Johnson, Park, 2007) |
Intertrust: US Patent #7,62,500 Techniques for defining, using, and manipulating rights management infrastructures (Hall et al., 2006) |
|
| Microsoft: US Patent #7,284,271 Authorizing a requesting entity to operate upon data structures (Lucovsky et al., 2007) |
Microsoft: US Patent #7,062,770 Recycling components after self-deactivation (Limprecht, et al., 2006) |
|
| IBM: US Patent #7,302,569 Implementation and use of a PII data access control facility employing identifying information labels and purpose serving functions sets (Betz et al., 2007) |
Intertrust: US Patent #7,069,451 Systems and methods for secure transaction management and electronic rights protection (Ginter et al., 2006) |
|
| Hewlett-Packard US Patent #7,302,585 System for providing a trustworthy user interface (Proudler et al., 2007) |
Intertrust: US Patent #7,076,652 Systems and methods for secure transaction management and electronic rights protection (Ginter et al., 2006) |
|
| Hewlett-Packard US Patent #7,302,698 Operation of trusted state in computing platform (Proudler, Chan, 2007) Harris: US Patent #7,302,708 Enforcing computer security utilizing an adaptive lattice mechanism (Kovarik, 2007) SAP: US Patent #7,308,704 Data structure for access control (Vogel, Drittler, Kupke, 2007) Oracle: US Patent #7,315,859 Method and apparatus for management of encrypted data through role separation (Samar, 2008) SAP: US Patent #7,350,237 Managing access control information (Vogel, Drittler, Kupke, 2007) IBM: US Patent #7,365,695 Multi-level security systems (LiVecchi, 2008) IBM: US Patent #7,370,366 Data management system and method (LiVecchi, Perez, Shub, 2008) Hewlett-Packard US Patent #7,376,974 Apparatus and method for creating a trusted environment (Proudler et al., 2008) |
Microsoft: US Patent #7,076,784 Software component execution management using context objects for tracking externally-defined intrinsic properties of executing software components within an execution environment (Russell, et al., 2006) Novell: US Patent #7,130,880 System and method for sharing files via a user internet file system (Bruton, Mitchell,2006) Microsoft: US Patent #7,165,104 Method and apparatus for managing computing devices on a network (Wang, 2007) IBM: US Patent #7,216,125 Methods and apparatus for pre-filtered access control in computing systems (Goodwin, 2007) Microsoft: US Patent #7,240,244 Object-based software management. (Teegan, Matsumoto, 2007) Microsoft: US Patent #7,243,271 Wrapped object for observing object events (Teegan, Matsumoto, 2007) Electronic Data Systems: US Patent #6,055,637 System and method for accessing enterprise-wide resources by presenting to the resource a temporary credential (Hudson et al., 2000) |