DCT

1:24-cv-05576

DigitalDoors Inc v. Ameris Bank

Log In
Key Events
Complaint
complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 1:24-cv-05576, N.D. Ga., 12/05/2024
  • Venue Allegations: Plaintiff alleges venue is proper in the Northern District of Georgia because Defendant maintains a regular and established business presence in the district, including physical bank locations and employees, and specifically targets customers within the district.
  • Core Dispute: Plaintiff alleges that Defendant’s data backup and disaster recovery systems, which are asserted to be compliant with the financial industry’s Sheltered Harbor specification, infringe four patents related to secure, granular data processing and storage in distributed computing systems.
  • Technical Context: The technology concerns methods for identifying, extracting, and securely storing sensitive data in isolated, distributed environments to ensure data survivability and recovery after a catastrophic event like a major cyberattack.
  • Key Procedural History: The complaint does not mention any prior litigation, Inter Partes Review (IPR) proceedings, or licensing history concerning the patents-in-suit.

Case Timeline

Date Event
2007-01-05 Earliest Priority Date for all four Patents-in-Suit
2015-04-21 U.S. Patent No. 9,015,301 Issued
2015-01-01 Sheltered Harbor initiative launched (approximate date)
2017-08-15 U.S. Patent No. 9,734,169 Issued
2019-01-15 U.S. Patent No. 10,182,073 Issued
2019-04-02 U.S. Patent No. 10,250,639 Issued
2024-12-05 Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 9,015,301 - "Information Infrastructure Management Tools With Extractor, Secure Storage, Analysis and Classification and Method Therefor"

The Invention Explained

  • Problem Addressed: The patent describes a need for improved data management in distributed computing systems, where enterprises struggled with securing sensitive information scattered across structured and unstructured files, controlling access in open ecosystems, and managing data with changing sensitivity levels over its lifecycle (Compl. ¶27; ’301 Patent, col. 1:31-2:61). Conventional systems lacked the ability to manage data at the granular content level, relying instead on less secure, file-level controls (Compl. ¶27; ’301 Patent, col. 9:46-58).
  • The Patented Solution: The invention provides a method and system for organizing data by using a plurality of filters (e.g., content-based, contextual, taxonomic) to identify and extract important "select content" from a data stream (Compl. ¶26; ’301 Patent, Abstract). This extracted content is then associated with specific data processes (e.g., copy, archive, destroy) and stored in corresponding designated data stores, allowing for granular control and enhanced security (Compl. ¶¶89-90; ’301 Patent, col. 3:17-4:15). The system architecture is depicted in Figures 1a and 1b of the patent.
  • Technical Importance: The claimed approach represented a shift from managing whole data files to managing the sensitive content within those files, enabling more flexible and secure data handling for purposes like disaster recovery (Compl. ¶27).

Key Claims at a Glance

  • The complaint asserts independent claim 25 (’301 Patent, col. 130:25-131:2).
  • The essential elements of claim 25 include:
    • In a distributed computing system, providing a plurality of select content data stores operative with a plurality of designated categorical filters.
    • Activating at least one filter and processing a data input to obtain select content and associated select content (which is contextually or taxonomically associated).
    • Storing the aggregated select content in a corresponding data store.
    • Associating at least one data process (e.g., copy, extract, archive, distribution, destruction) with the activated filter.
    • Applying the associated data process to a further data input.
    • The filter activation being automatic (e.g., time-based, condition-based, or event-based) or manual.
  • The complaint does not explicitly reserve the right to assert other claims.

U.S. Patent No. 9,734,169 - "Digital Information Infrastructure and Method for Security Designated Data and With Granular Data Stores"

The Invention Explained

  • Problem Addressed: The patent addresses the security challenges of processing and storing sensitive information in distributed, and specifically cloud-based, computing systems (Compl. ¶130). A central problem is how to protect critical data portions from unauthorized access while allowing the rest of the data to remain accessible, and how to ensure data can be recovered after a system failure (Compl. ¶69).
  • The Patented Solution: The invention proposes a method for organizing data in a cloud-based system by providing separate data stores for "security designated data" (the critical, sensitive information) and "granular data" (the remainder) (’169 Patent, Abstract). The system extracts the sensitive data and stores it in secure, access-controlled locations, while parsing and storing the less sensitive remainder data separately, potentially with different security protocols (’169 Patent, col. 3:60-4:13). This separation enhances security by making it harder for an attacker to reconstruct the full data set and facilitates secure recovery by isolating critical information (’169 Patent, Abstract; FIG. 4).
  • Technical Importance: This architecture provides a technical blueprint for data vaulting, where critical information is isolated from production systems to protect it from corruption or attack, a concept central to modern cyber-resilience strategies (Compl. ¶72).

Key Claims at a Glance

  • The complaint asserts independent claim 1 (’169 Patent, col. 132:13-52).
  • The essential elements of claim 1 include:
    • Providing in a distributed cloud-based computing system: a plurality of select content data stores, a plurality of granular data stores, and a cloud-based server, with each select content data store having access controls.
    • Providing a communications network coupling the stores and the server.
    • Extracting and storing security designated data in respective select content data stores.
    • Activating at least one select content data store to permit access based on applying the access controls.
    • Parsing remainder data not extracted and storing it in respective granular data stores.
    • Withdrawing some or all of the security designated and parsed data only in the presence of the applied access controls.
  • The complaint does not explicitly reserve the right to assert other claims.

Multi-Patent Capsule: U.S. Patent No. 10,182,073 & U.S. Patent No. 10,250,639

U.S. Patent No. 10,182,073 - "Information Infrastructure Management Tools with Variable and Configurable Filters and Segmental Data Stores"

  • Technology Synopsis: This patent focuses on an information infrastructure that processes data using a plurality of filters. The key inventive concept appears to be the ability to dynamically alter or modify these filters—by expanding, contracting, or changing their classification—and then generating new, modified filters to organize subsequent data throughput (’073 Patent, Abstract).
  • Asserted Claims: Independent Claim 1 (’073 Patent, col. 132:9-133:1).
  • Accused Features: The complaint alleges that the accused systems, such as the exemplary Dell PowerProtect platform, provide a user interface for creating and modifying "protection policies" (the alleged filters), which allows the enterprise to dynamically change the parameters for data extraction and vaulting (Compl. ¶¶182, 185). A screenshot from a Dell instructional video shows a user interface for selecting and modifying filter options (Compl. ¶182, p. 93).

U.S. Patent No. 10,250,639 - "Information Infrastructure Management Data Processing Tools for Data Flow with Distribution Controls"

  • Technology Synopsis: This patent claims a method of "sanitizing data" in a distributed system. The process involves using filters to extract sensitive content (which is categorized by sensitivity levels) and select content, storing them in respective secure data stores, and thereby creating sanitized versions of the original data by separating the critical information from the remainder (’639 Patent, Abstract).
  • Asserted Claims: Independent Claim 16 (’639 Patent, col. 132:9-49).
  • Accused Features: The complaint alleges that the accused systems perform this sanitization by extracting critical customer financial data into a secure data vault, which is isolated from production systems where the non-extracted "remainder data" is stored, thus creating a "sanitized" and secure version of the critical data (Compl. ¶¶211, 214-215).

III. The Accused Instrumentality

Product Identification

  • The "Accused Instrumentalities" are identified as the data processing, backup, and disaster recovery systems and methods that Defendant Ameris Bank makes, owns, operates, or uses (Compl. ¶95). The complaint alleges these systems are either compliant with the financial industry’s "Sheltered Harbor" specification for cyber resilience or are "substantially equivalent" in functionality (Compl. ¶95).

Functionality and Market Context

  • The complaint alleges the Accused Instrumentalities are designed to protect critical customer financial data from catastrophic loss, such as from a cyberattack (Compl. ¶62). The core alleged functionality involves a multi-step process: (1) extracting critical account data from production systems; (2) converting the data into a standardized format; (3) transmitting it over a secure, "air-gapped" connection to an isolated environment; and (4) storing it in an immutable, encrypted "data vault" (Compl. ¶¶69-70, 76). The complaint provides a system architecture diagram for an exemplary Sheltered Harbor compliant system, the Dell PowerProtect Cyber Recovery solution, illustrating this separation between a "Production Environment" and a "Data Vault Environment" (Compl. ¶72, p. 31). This system is designed to allow the financial institution to recover critical data and restore customer services even if its primary systems and backups are destroyed or compromised (Compl. ¶70).
  • The complaint frames the use of such systems as an industry standard and a regulatory expectation for financial institutions to ensure the stability of the U.S. financial markets (Compl. ¶¶62, 94).

IV. Analysis of Infringement Allegations

'9,015,301 Patent Infringement Allegations

Claim Element (from Independent Claim 25) Alleged Infringing Functionality Complaint Citation Patent Citation
a method of organizing and processing data in a distributed computing system having select content important to an enterprise... Defendant operates a distributed system to manage and protect critical customer financial account data. ¶99, ¶101 col. 3:17-27
providing, in said distributed computing system, a plurality of select content data stores operative with a plurality of designated categorical filters... The accused systems allegedly use a "data vault" with multiple data stores and apply "protection policies" that act as categorical filters to identify critical data for protection. ¶104, ¶106 col. 3:32-41
activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content and associated select content...at least one of contextually associated select content and taxonomically associated select content... Protection policies are allegedly activated to extract critical financial account data. The complaint alleges this data is contextually associated, for example by using tags and metadata to group assets. ¶108, ¶110 col. 4:1-11
storing said aggregated select content for said at least one categorical filter in said corresponding select content data store; The extracted critical data is allegedly stored as aggregated content in designated storage units within the secure data vault. ¶112, ¶113 col. 4:12-15
and for the activated categorical filter, associating at least one data process from the group of data processes including a copy process, a data extract process, a data archive process, a data distribution process and a data destruction process; The system's protection policies allegedly associate data processes, such as copying, archiving, and extracting data, with the filtered content to manage its backup and vaulting. ¶115, ¶116 col. 4:16-23
applying the associated data process to a further data input based upon a result of said further data being processed by said activated categorical filter... Once a protection policy is established, it is allegedly applied to all subsequent data inputs, such as nightly backups, that match the filter criteria. ¶118, ¶119-120 col. 4:24-31
...said activating a designated categorical filter encompasses an automatic activation...and said automatic activation is time-based, distributed computer system condition-based, or event-based. The data processing is allegedly performed automatically on a time-based schedule (e.g., nightly backups) or upon detection of new or modified assets (event-based). ¶121, ¶122-123 col. 14:1-5

Identified Points of Contention

  • Scope Questions: A central question may be whether the "protection policies" and "dynamic filters" described in relation to the Accused Instrumentalities (Compl. ¶¶87, 90) fall within the scope of the term "categorical filters", which the patent describes as including "content-based filters, contextual filters and taxonomic classification filters" (’301 Patent, col. 13:33-35). The analysis may focus on whether the accused filtering is merely keyword-based or if it performs the more sophisticated contextual and taxonomic analysis taught by the patent.
  • Technical Questions: The complaint alleges that activating a filter and applying a data process occurs for subsequent data inputs (Compl. ¶118). A technical question for the court will be whether the accused system's process of running nightly backups under a persistent policy constitutes "applying the associated data process to a further data input" in the specific manner required by the claim language.

'9,734,169 Patent Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
A method of organizing and processing data...in a distributed cloud-based computing system having select content... Defendant allegedly operates a cloud-based or hybrid-cloud system for managing and protecting critical customer financial data. ¶130, ¶132 col. 3:28-39
providing in said distributed cloud-based computing system: (i) a plurality of select content data stores...; and (ii) a plurality of granular data stores; and (iii) a cloud-based server, each select content data store having respective access controls thereat; The accused architecture allegedly includes a "data vault" (select content stores) and production/backup systems (granular data stores), with the vault having strict access controls like multi-factor authentication. A diagram in the complaint illustrates a "Data Vault Environment" separate from a "Production Environment" (Compl. p. 31). ¶136-139, ¶149 col. 3:32-39
providing a communications network operatively coupling said plurality of select content data stores and cloud-based server; The accused systems allegedly use a dedicated, "air-gapped" communications network to couple the production environment with the data vault. ¶141-142 col. 13:10-14
with respect to data processed by said cloud-based system) extracting and storing said security designated data in respective select content data stores; The system allegedly extracts critical financial account data and stores it in the secure, isolated data vault. ¶143, ¶146 col. 4:1-5
activating at least one of said select content data stores...thereby permitting access to said select content data stores...based upon an application of one or more of said access controls thereat; Access to the data vault for data restoration is allegedly permitted only upon satisfaction of strict security measures, including credentialed access and multi-factor authentication. ¶148, ¶158-159 col. 4:6-10
parsing remainder data not extracted...and storing the parsed data in respective granular data stores; Data not identified as critical (remainder data) is allegedly stored separately in the production and backup systems, outside the secure vault. A diagram highlights "Backup Workloads" in the production data center as distinct from the "Cyber Recovery Vault" (Compl. p. 70). ¶151, ¶152 col. 4:1-5
withdrawing some or all of said security designated data and said parsed data from said respective data stores only in the presence of said respective access controls applied thereto. Data is allegedly withdrawn from the vault for restoration only after applying strict access controls. ¶157, ¶159 col. 4:10-13

Identified Points of Contention

  • Scope Questions: The claim requires a "distributed cloud-based computing system." A potential point of contention is whether Defendant's disaster recovery architecture, which may be partially on-premises or a hybrid model, meets this limitation as it is understood in the patent. The complaint asserts that exemplary systems are designed for deployment on public clouds like AWS and Azure (Compl. ¶132), but the actual implementation by Ameris Bank may be disputed.
  • Technical Questions: The claim recites "parsing remainder data" and storing it in "granular data stores." The infringement theory appears to equate standard production and backup systems with these "granular data stores" (Compl. ¶152). A factual question will be whether the accused system's normal operation of leaving non-extracted data in its original location constitutes the affirmative steps of "parsing" and "storing" remainder data as required by the claim.

V. Key Claim Terms for Construction

'301 Patent

  • The Term: "categorical filters"
  • Context and Importance: This term is the central mechanism of the invention. The outcome of the infringement analysis for the ’301 patent may hinge on whether the "protection policies" and rule-based systems used in the accused instrumentality (Compl. ¶87) are legally equivalent to the claimed "categorical filters". Practitioners may focus on this term because the patent describes several specific types of filters (content, contextual, taxonomic).
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The specification introduces the term broadly, stating the system includes "a plurality of enterprise designated categorical filters which include content-based filters, contextual filters and taxonomic classification filters" (’301 Patent, col. 13:33-37). The use of "include" suggests this list is exemplary, not exhaustive, potentially supporting a broader definition that covers other types of rule-based data classifiers.
    • Evidence for a Narrower Interpretation: The patent provides detailed descriptions of how the contextual and taxonomic filters operate, including using a "Knowledge Expander" search engine and analyzing relationships between data (’301 Patent, col. 10:22-32). A defendant may argue that the term should be limited to filters that perform these specific, sophisticated analytical functions, rather than simpler, keyword-based rules.

'169 Patent

  • The Term: "distributed cloud-based computing system"
  • Context and Importance: This term defines the environment in which the invention operates. As the accused systems may involve on-premises, private cloud, or hybrid infrastructure, the construction of this term is critical to determining whether the patent applies.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The patent does not appear to provide a specific, limiting definition of "cloud-based." The specification describes distributed computing in general terms, involving multiple computers (PCs, servers) connected over networks like the internet (’169 Patent, FIG. 6; col. 43:40-52). This could support an interpretation covering a wide range of architectures, including private and hybrid clouds.
    • Evidence for a Narrower Interpretation: The term "cloud-based" itself, in the context of a 2007 priority date, might be argued to have a more specific meaning tied to the then-emerging model of on-demand, internet-based computing services (e.g., Amazon S3, launched in 2006). A defendant could argue the patentee intended to cover such public cloud services, not a financial institution's internal, isolated disaster recovery site.

VI. Other Allegations

  • Indirect Infringement: The complaint does not plead separate counts for induced or contributory infringement. The allegations focus on direct infringement by Defendant Ameris Bank for allegedly making, using, and controlling the accused data vaulting systems (Compl. ¶¶98, 129, 165, 192).
  • Willful Infringement: The complaint alleges willful infringement based on Defendant's knowledge of the patents-in-suit since at least the date of service of the complaint (Compl. ¶226). It further alleges that Defendant had, or should have had, notice as of November 21, 2023, due to awareness of lawsuits filed by the Plaintiff against competitor financial institutions (Compl. ¶226). The complaint also asserts that Defendant has a policy or practice of not reviewing the patents of others, constituting willful blindness (Compl. ¶227).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of definitional scope: can the term "categorical filters", as described in the ’301 patent with its emphasis on contextual and taxonomic analysis, be construed to cover the industry-standard "protection policies" and rule sets used in modern data vaulting systems, which may perform filtering in a different manner?
  • A key technical and factual question will be one of architectural equivalence: does Ameris Bank's disaster recovery architecture, which separates a production environment from a secure vault, perform the specific steps of "parsing remainder data" and "storing" it in separate "granular data stores" as claimed in the ’169 patent, or does it simply replicate select data while leaving the remainder untouched in a way that is technically distinct from the claimed method?
  • A third central question will concern the applicability of the claims to the accused environment: can the patent claim limitation of a "distributed cloud-based computing system" be interpreted to read on the specific infrastructure used by Ameris Bank, which may be an on-premises or hybrid-cloud system rather than a public, multi-tenant cloud platform?