DCT
1:25-cv-01206
DigitalDoors Inc v. First Western Trust Bank
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: DigitalDoors, Inc. (Florida)
- Defendant: First Western Trust Bank (Colorado)
- Plaintiff’s Counsel: Lucosky Brookman, LLP; Hoffberg & Associates
- Case Identification: 1:25-cv-01206, D. Colo., 04/16/2025
- Venue Allegations: Plaintiff alleges venue is proper in the District of Colorado because Defendant maintains its principal place of business in Denver, operates physical bank locations within the district, employs a substantial number of residents there, and directs its business activities, including the accused data security systems, toward customers in the district.
- Core Dispute: Plaintiff alleges that Defendant’s data backup and disaster recovery systems, particularly those compliant with the financial industry’s "Sheltered Harbor" standard, infringe four patents related to methods for securely filtering, extracting, and storing sensitive data in distributed computing environments.
- Technical Context: The technology concerns granular data security and survivability, a critical area for the financial services industry, which must protect sensitive customer account information from catastrophic cyberattacks while ensuring operational continuity.
- Key Procedural History: The complaint asserts that the patents-in-suit are "pioneering" and have been cited as relevant prior art in hundreds of subsequent patent applications by major technology and financial services companies. No prior litigation or post-grant proceedings involving the patents are mentioned.
Case Timeline
| Date | Event |
|---|---|
| 2007-01-05 | Earliest Priority Date for all Asserted Patents |
| 2015-04-21 | U.S. Patent No. 9,015,301 Issued |
| 2015 | Sheltered Harbor Initiative Launched |
| 2017-08-15 | U.S. Patent No. 9,734,169 Issued |
| 2019-01-15 | U.S. Patent No. 10,182,073 Issued |
| 2019-04-02 | U.S. Patent No. 10,250,639 Issued |
| 2025-04-16 | Complaint Filed |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 9,015,301 - "Information Infrastructure Management Tools with Extractor, Secure Storage, Analysis and Classification and Method Therefor"
- Patent Identification: U.S. Patent No. 9,015,301, "Information Infrastructure Management Tools with Extractor, Secure Storage, Analysis and Classification and Method Therefor," issued April 21, 2015.
The Invention Explained
- Problem Addressed: The patent's background section describes deficiencies in enterprise data management as of the early 2000s, including the inability to manage unstructured data, the vulnerability of open ecosystems with numerous access points, and the difficulty of managing the changing sensitivity of information over its lifecycle (’301 Patent, col. 1:31-2:61).
- The Patented Solution: The invention proposes a system for organizing and processing data by using a series of filters (e.g., categorical, contextual, taxonomic) to identify and extract important "select content" from a larger data stream. This sensitive, extracted content is stored in secure, designated data stores, allowing for enhanced security and controlled data management by focusing on the content itself rather than just the data files. (Compl. ¶27; ’301 Patent, Abstract; col. 3:17-4:35).
- Technical Importance: This approach represented a shift from file-level security to content-level security, enabling more granular control over sensitive information within distributed enterprise systems (Compl. ¶28; ’301 Patent, col. 9:46-58).
Key Claims at a Glance
- The complaint asserts independent claim 25 (’301 Patent, col. 129:24-130:23; Compl. ¶99).
- The essential elements of claim 25 include:
- Providing a plurality of select content data stores operative with designated categorical filters.
- Activating at least one filter to process a data input and obtain contextually or taxonomically associated "select content."
- Storing the aggregated select content in a corresponding data store.
- Associating the activated filter with a data process (e.g., copy, extract, archive).
- Applying that data process to subsequent data inputs processed by the filter.
- The filter activation can be automatic (time-based, condition-based, or event-based) or manual.
- The complaint does not explicitly reserve the right to assert dependent claims for this patent.
U.S. Patent No. 9,734,169 - "Digital Information Infrastructure and Method for Securing Designated Data and with Granular Data Stores"
- Patent Identification: U.S. Patent No. 9,734,169, "Digital Information Infrastructure and Method for Securing Designated Data and with Granular Data Stores," issued August 15, 2017.
The Invention Explained
- Problem Addressed: The patent addresses the need to secure sensitive data in distributed, and potentially cloud-based, computing systems where data is stored across multiple locations and requires robust access controls to prevent unauthorized reconstruction (’169 Patent, col. 1:57-2:27).
- The Patented Solution: The invention describes a cloud-based system that separates data into "security designated data" and "remainder data." The sensitive data is stored in secure "select content data stores," while the non-sensitive remainder is parsed and stored separately in "granular data stores." A cloud-based server manages access controls, permitting withdrawal and reconstruction of the full data set only upon proper authorization. (’169 Patent, Abstract).
- Technical Importance: The invention provides a specific architecture for data security in a cloud environment by physically and logically separating sensitive from non-sensitive data and enforcing strict, centralized access controls for data retrieval (Compl. ¶131).
Key Claims at a Glance
- The complaint asserts independent claim 1 (’169 Patent, col. 132:15-55; Compl. ¶130).
- The essential elements of claim 1 include:
- Providing select content data stores, granular data stores, and a cloud-based server.
- Extracting and storing security-designated data in the select content data stores.
- Permitting access to the select content data stores only through the application of access controls.
- Parsing "remainder data" (data not extracted) and storing it in the granular data stores.
- The parsing step includes both random parsing and parsing according to a predetermined algorithm.
- Withdrawing data from the various stores only when the access controls are met.
- The complaint does not explicitly reserve the right to assert dependent claims for this patent.
Multi-Patent Capsule: U.S. Patent No. 10,182,073 - "Information Infrastructure Management Tools with Variable and Configurable Filters and Segmental Data Stores"
- Patent Identification: U.S. Patent No. 10,182,073, "Information Infrastructure Management Tools with Variable and Configurable Filters and Segmental Data Stores," issued January 15, 2019.
- Technology Synopsis: This patent discloses a method for creating a data processing infrastructure that uses an array of initially configured filters to identify sensitive content. The system allows an enterprise to alter these filters—by expanding, contracting, or changing their classification—to dynamically modify how subsequent data is organized and stored in secure, distributed data stores. (’073 Patent, Abstract).
- Asserted Claims: Independent claim 1 is asserted (Compl. ¶166).
- Accused Features: The complaint alleges that the accused systems' use of configurable "protection policies" to identify critical data for extraction, and the ability for the bank to modify those policies, infringes the ’073 Patent (Compl. ¶182, ¶185).
Multi-Patent Capsule: U.S. Patent No. 10,250,639 - "Information Infrastructure Management Data Processing Tools for Data Flow with Distribution Controls"
- Patent Identification: U.S. Patent No. 10,250,639, "Information Infrastructure Management Data Processing Tools for Data Flow with Distribution Controls," issued April 2, 2019.
- Technology Synopsis: This patent is directed to a method of "sanitizing" data by separating sensitive content based on a plurality of sensitivity levels, each with an associated security clearance. Extracted sensitive content is stored in secure "extract data stores," creating sanitized remainder data. The system may then use content, contextual, and taxonomic filters to "inference" the sanitized data to derive further insights. (’639 Patent, Abstract).
- Asserted Claims: Independent claim 16 is asserted (Compl. ¶193).
- Accused Features: The complaint accuses the Sheltered Harbor systems of infringing by extracting critical account data (sensitive content) based on predefined rules (filters) and storing it in a secure data vault (extract store), thereby creating sanitized data for disaster recovery purposes (Compl. ¶203, ¶216, ¶219).
III. The Accused Instrumentality
Product Identification
- The accused instrumentalities are the data backup and disaster recovery systems and methods that Defendant *DigitalDoors Inc v. First Western Trust Bank* makes, owns, operates, or uses which are compliant with the "Sheltered Harbor" specification or provide "substantially equivalent functionality" (Compl. ¶96).
Functionality and Market Context
- The complaint alleges that Sheltered Harbor is an industry-driven standard launched in 2015 to protect the U.S. financial system from catastrophic data loss (Compl. ¶63). Compliant systems are alleged to perform several key functions: (1) extracting critical customer account data from a financial institution's production environment; (2) converting the data to a standardized format; and (3) transmitting it to a secure, encrypted, and immutable "data vault" (Compl. ¶70, ¶77). This vault is "air-gapped," meaning it is isolated from production and backup networks to prevent corruption (Compl. ¶82). The complaint provides a diagram from a Dell Solution Brief illustrating this two-part architecture, showing a "Production Environment" connected via a secure, air-gapped replication link to a separate "Data Vault Environment" (Compl. ¶80). The purpose of this architecture is to allow for the secure restoration of customer accounts and funds in the event of a severe cyberattack or other system failure (Compl. ¶66).
IV. Analysis of Infringement Allegations
U.S. Patent No. 9,015,301 Infringement Allegations
| Claim Element (from Independent Claim 25) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| providing, in said distributed computing system, a plurality of select content data stores operative with a plurality of designated categorical filters | The accused systems provide a "data vault" containing multiple data stores (e.g., for backup, copy, analysis) which operates using "protection policies" that act as categorical filters to identify critical data. | ¶105-107 | col. 4:1-8 |
| activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content and associated select content, which associated select content is at least one of contextually associated select content and taxonomically associated select content, as aggregated select content | The system activates these protection policies to extract critical financial account data, which is contextually or taxonomically associated using metadata tags for grouping and sorting. | ¶109-111 | col. 4:19-27 |
| storing said aggregated select content for said at least one categorical filter in said corresponding select content data store | The extracted critical account data is stored in the secure data vault. A diagram from a Dell solution brief illustrates the movement of data to storage within the "Cyber Recovery Vault." (Compl. p. 84). | ¶113-114 | col. 4:25-28 |
| associating at least one data process from the group of data processes including a copy process, a data extract process, a data archive process, a data distribution process and a data destruction process | The system associates policies with data processes such as backup (a copy/archive process) and vaulting (an extract process) to manage the secure storage of data. | ¶116-117 | col. 4:29-35 |
| applying the associated data process to a further data input based upon a result of said further data being processed by said activated categorical filter | Once a protection policy is established, all subsequent data inputs that match the filter are processed in the same way, such as in nightly backups. | ¶119-120 | col. 4:35-41 |
| said automatic activation is time-based, distributed computer system condition-based, or event-based | The data processing is automatic and occurs at designated time intervals (nightly), upon a condition (detection of new assets), or based on an event. | ¶122, ¶124 | col. 4:45-47 |
- Identified Points of Contention:
- Scope Questions: A potential dispute may arise over whether the accused "protection policies," which define broad categories of business data (e.g., "critical customer account data"), meet the patent's definition of "categorical filters," which are also described in the context of more granular content, contextual, and taxonomic analysis.
- Technical Questions: The complaint alleges that extracted data is "taxonomically associated" through the use of metadata tags (Compl. ¶111). A central question may be what evidence demonstrates that the accused system's tagging and grouping functions constitute the specific "hierarchical taxonomic system" described in the patent (’301 Patent, col. 10:22-32).
U.S. Patent No. 9,734,169 Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| providing in said distributed cloud-based computing system: (i) a plurality of select content data stores...; and (ii) a plurality of granular data stores | The accused systems are alleged to be cloud-based and use a secure "data vault" (the select content data stores) that is isolated from the production environment's backup systems (the granular data stores). A diagram shows the "Backup Workloads" in the "Data Center" as distinct from the "Cyber Recovery Vault." (Compl. p. 68). | ¶137-140 | col. 132:17-23 |
| extracting and storing said security designated data in respective select content data stores | The system extracts critical financial account data (the security designated data) and stores it within the secure data vault. | ¶144, ¶147-148 | col. 132:29-32 |
| parsing remainder data not extracted...and storing the parsed data in respective granular data stores | Data that is not extracted as critical is considered "remainder data" and is stored in the production and backup systems (the granular data stores). | ¶152-154 | col. 132:38-41 |
| (with respect to the aforementioned parsing and storing of remainder data) including both (i) randomly parsing and storing said remainder data, and (ii) parsing and storing said remainder data according to a predetermined algorithm | The complaint alleges that traffic to and from the data vault, as well as data within the production environment, is encrypted, which it equates to being "randomly parsed" or parsed via an algorithm. | ¶155-156 | col. 132:42-47 |
| withdrawing some or all of said security designated data and said parsed data from said respective data stores only in the presence of said respective access controls applied thereto | The data in the vault is immutable and can only be withdrawn for restoration upon satisfaction of strict security measures, such as multi-factor authentication. | ¶158-160 | col. 132:51-55 |
- Identified Points of Contention:
- Scope Questions: The case may turn on whether the entire production environment of a bank can be properly characterized as a store for "remainder data" under the patent's claim language, which could also be read to apply to the non-sensitive portions of a single processed document.
- Technical Questions: What evidence does the complaint provide that the accused system's encryption protocols perform the specific claimed steps of both "randomly parsing" data and parsing it "according to a predetermined algorithm"? The infringement theory appears to equate encryption with these specific parsing methods.
V. Key Claim Terms for Construction
For U.S. Patent No. 9,015,301
- The Term: "categorical filters"
- Context and Importance: This term is the lynchpin of the infringement allegation against the '301 Patent. Plaintiff's theory depends on construing this term to read on the "protection policies" used in the accused Sheltered Harbor systems. The definition will determine whether system-level business rules for data backup qualify as the claimed filtering technology.
- Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The specification states that designated filters can screen data for an enterprise based on policies such as "level of service policy, customer privacy policy, enterprise human resource policy, financial data handling policy," and others (’301 Patent, col. 4:10-19). This may support a reading that encompasses high-level business rules.
- Evidence for a Narrower Interpretation: The summary of the invention and detailed descriptions heavily emphasize filters that are "content-based," "contextual," and "taxonomic" (’301 Patent, col. 3:33-36). A defendant may argue that the term should be limited to these specific, technically-defined filter types rather than any general business policy.
For U.S. Patent No. 9,734,169
- The Term: "parsing remainder data"
- Context and Importance: Claim 1 requires a specific two-step process for handling data not extracted to the secure stores: it must be parsed and stored. The Plaintiff’s theory is that all data left in the production environment is "remainder data" and that standard network operations like encryption constitute "parsing." The viability of this theory depends on the construction of this term.
- Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The patent does not explicitly define "parsing" or limit the source of "remainder data," which may leave room for a broader definition that includes encrypting system-level data left behind after an extraction process.
- Evidence for a Narrower Interpretation: The detailed description explains "parsing" in the context of analyzing a document's content to identify words, characters, or phrases to be separated (’169 Patent, col. 46:1-8). Further, Figure 4 shows a "source plaintext doc" being split into extracted data and common data, suggesting "remainder data" is what is left of a specific data object after processing, not an entire production system.
VI. Other Allegations
- Indirect Infringement: The complaint focuses on allegations of direct infringement, stating Defendant "makes, owns, operates, uses, or otherwise exercises control over" the accused systems (Compl. ¶96). It does not contain separate counts for, or detailed factual allegations supporting, indirect infringement.
- Willful Infringement: The complaint alleges that Defendant's infringement has been willful since receiving notice of the patents. It posits two theories for notice: (1) actual notice upon service of the complaint, and alternatively, (2) pre-suit knowledge dating back to September 30, 2014, based on Defendant's alleged citation to the patents-in-suit during the prosecution of its own patent applications (Compl. ¶228). The complaint further alleges willful blindness based on a purported corporate policy of not reviewing the patents of others (Compl. ¶229).
VII. Analyst’s Conclusion: Key Questions for the Case
- A core issue will be one of definitional scope: can claim terms like "categorical filters" and "remainder data," which are described in the patents with reference to granular document-level processing, be construed broadly enough to cover the system-level architecture and high-level business policies of the modern "Sheltered Harbor" data vaulting standard?
- A second central question will be one of technical mapping: does the alleged functionality of the accused systems, such as implementing data encryption or using metadata tags, meet the specific technical requirements of the claims, including the distinct steps of "randomly parsing" and algorithmic "parsing," or performing "taxonomic" analysis? The outcome may depend on the evidence produced regarding how the accused data protection systems actually operate at a technical level.