DCT

8:24-cv-03792

Digital Doors Inc v. Eagle Bank

Log In
Key Events
Complaint
complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 8:24-cv-03792, D. Md., 12/31/2024
  • Venue Allegations: Plaintiff alleges venue is proper because Defendant maintains a regular and established business presence in the District of Maryland, including multiple physical locations, and specifically targets customers within the district.
  • Core Dispute: Plaintiff alleges that Defendant’s data backup and disaster recovery systems, which are allegedly compliant with the financial industry’s "Sheltered Harbor" standard, infringe four patents related to methods for granularly filtering, securing, and storing sensitive data in a distributed computing environment.
  • Technical Context: The technology relates to data security and survivability, particularly for protecting critical financial account information from catastrophic events like cyberattacks, a domain of significant importance to the stability of the financial services industry.
  • Key Procedural History: The complaint alleges the inventions were developed to address data security deficiencies identified during military operations. It further alleges that the financial services industry, through the Sheltered Harbor initiative launched in 2015, collectively developed the accused data protection standards years after the patents’ priority date, which Plaintiff presents as evidence of the inventions' unconventional and non-obvious nature.

Case Timeline

Date Event
2007-01-05 Priority Date for all Asserted Patents
2015-04-21 U.S. Patent No. 9,015,301 Issues
2015-01-01 Sheltered Harbor Initiative Launched (approx.)
2017-08-15 U.S. Patent No. 9,734,169 Issues
2019-01-15 U.S. Patent No. 10,182,073 Issues
2019-04-02 U.S. Patent No. 10,250,639 Issues
2024-12-31 Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 9,015,301 - "Information Infrastructure Management Tools with Extractor, Secure Storage, Content Analysis and Classification and Method Therefor"

  • Patent Identification: U.S. Patent No. 9,015,301, "Information Infrastructure Management Tools with Extractor, Secure Storage, Content Analysis and Classification and Method Therefor," issued April 21, 2015.

The Invention Explained

  • Problem Addressed: The patent describes a technical landscape where enterprises using open computing ecosystems faced significant challenges in managing and securing data. Specific problems included the inability to manage unstructured content effectively, the inefficiency of classifying sensitive data without semantic analysis, and the difficulty of addressing the changing sensitivity of information over its lifecycle (’301) Patent, col. 1:31-55, 2:28-61).
  • The Patented Solution: The invention proposes a method for organizing and processing data that shifts the focus from securing entire files to securing specific "select content" within those files. This is achieved by using a system of designated "categorical filters" (which can be content-based, contextual, or taxonomic) to identify and extract sensitive information from a data input. This extracted "select content" is then stored in corresponding secure data stores, and specific data processes (like copying or archiving) are associated with the filtered content for subsequent processing (’301 Patent, Abstract; col. 3:17-4:14).
  • Technical Importance: This approach provided a more granular and flexible method for data security, allowing enterprises to protect specific sensitive information within a document rather than being limited to applying security protocols to the entire document file (Compl. ¶¶37-38).

Key Claims at a Glance

  • The complaint asserts infringement of at least independent Claim 25 (Compl. ¶101).
  • The essential elements of Claim 25 include:
    • Providing a plurality of select content data stores operative with a plurality of designated categorical filters.
    • Activating at least one filter and processing a data input through it to obtain select content and associated select content (which is contextually or taxonomically associated).
    • Storing the aggregated select content in the corresponding data store.
    • Associating at least one data process (e.g., copy, extract, archive, distribution, destruction) with the activated filter.
    • Applying the associated data process to a further data input based on the results of that data being processed by the filter.
    • Activating the filter via an automatic (e.g., time-based, event-based) or manual trigger.
  • The complaint does not explicitly reserve the right to assert dependent claims.

U.S. Patent No. 9,734,169 - "Digital Information Infrastructure and Method for Security Designated Data and with Granular Data Stores"

  • Patent Identification: U.S. Patent No. 9,734,169, "Digital Information Infrastructure and Method for Security Designated Data and with Granular Data Stores," issued August 15, 2017.

The Invention Explained

  • Problem Addressed: The patent addresses the need for a secure, distributed architecture for storing sensitive data, particularly in a cloud computing context where data is managed remotely (’169) Patent, col. 1:1-2:16).
  • The Patented Solution: The invention claims a method for processing data in a "distributed cloud-based computing system." The system architecture includes a plurality of "select content data stores" for holding security-designated data and a separate plurality of "granular data stores." The method involves extracting the sensitive data and storing it in the secure "select content data stores," while the "remainder data" is parsed and stored separately in the "granular data stores." Access to both types of data stores is strictly controlled (’169 Patent, Abstract; Claim 1).
  • Technical Importance: This method enhances security by physically or logically separating and isolating critical data from the bulk of non-critical data, reducing the attack surface and making it more difficult for an unauthorized party to access sensitive information (Compl. ¶¶25-26, 53, citing disclosure from parent ’301 Patent).

Key Claims at a Glance

  • The complaint asserts infringement of at least independent Claim 1 (Compl. ¶132).
  • The essential elements of Claim 1 include:
    • Providing, in a distributed cloud-based system, a plurality of select content data stores, a plurality of granular data stores, and a cloud-based server.
    • Coupling these components with a communications network.
    • Extracting and storing security-designated data in the select content data stores.
    • Activating access to the select content data stores based on access controls.
    • Parsing remainder data (not extracted) and storing it in the granular data stores.
    • Withdrawing data from the stores only when respective access controls are applied.
  • The complaint does not explicitly reserve the right to assert dependent claims.

U.S. Patent No. 10,182,073 - "Information Infrastructure Management Tools with Variable and Configurable Filters and Segmental Data Stores"

  • Patent Identification: U.S. Patent No. 10,182,073, "Information Infrastructure Management Tools with Variable and Configurable Filters and Segmental Data Stores," issued January 15, 2019.
  • Technology Synopsis: This patent addresses the dynamic nature of data security needs by claiming a method where initially configured data filters can be altered. The method includes steps for expanding, contracting, or re-classifying the scope of sensitive and select content within a filter, thereby generating modified filters that are then used to organize subsequent data throughput (’073) Patent, Abstract; Claim 1).
  • Asserted Claims: At least Claim 1 (Compl. ¶168).
  • Accused Features: The complaint alleges that the accused systems, such as the Dell PowerProtect Cyber Recovery system, allow an enterprise to "modify existing policies." This functionality, which allegedly permits the expansion and reduction of data protection parameters, is accused of being the claimed "altering" of filters (Compl. ¶¶188, 190). The complaint provides a screenshot of a user interface for modifying filter options as evidence (Compl. p. 100).

U.S. Patent No. 10,250,639 - "Information Infrastructure Management Data Processing Tools for Processing Data Flow with Distribution Controls"

  • Patent Identification: U.S. Patent No. 10,250,639, "Information Infrastructure Management Data Processing Tools for Processing Data Flow with Distribution Controls," issued April 2, 2019.
  • Technology Synopsis: This patent describes a method of "sanitizing" data processed in a distributed system. The process involves extracting sensitive content from a data input based on its sensitivity level, storing it in a secure "extract store," and then "inferencing" the resulting sanitized data using a combination of content, contextual, and taxonomic filters (’639) Patent, Abstract; Claim 16).
  • Asserted Claims: At least Claim 16 (Compl. ¶198).
  • Accused Features: Plaintiff alleges that the accused systems create "sanitized storage versions of the data" by extracting sensitive account information for storage in a secure vault (Compl. ¶220). The complaint further alleges that compliant systems perform "content scans" and "data analytics," which it equates with the claimed step of "inferencing said sanitized sensitive content data" using various filters (Compl. ¶¶223, 226).

III. The Accused Instrumentality

Product Identification

  • The "Accused Instrumentalities" are identified as the data backup, archiving, and disaster recovery systems and methods that Defendant EagleBank makes, owns, operates, or controls, which are allegedly compliant with the "Sheltered Harbor" industry specification or its functional equivalent (Compl. ¶¶97-98). The complaint repeatedly uses the Dell PowerProtect Cyber Recovery solution as an exemplary compliant system (Compl. ¶72).

Functionality and Market Context

  • The complaint alleges that the Accused Instrumentalities are designed to protect critical customer financial data from a catastrophic cyber event. Their core functionality involves extracting this critical data from a "Production Environment," converting it into a standardized format, and replicating it to an isolated, secure, and immutable "Data Vault Environment" (Compl. ¶¶70, 73, 74). This vault is logically and/or physically separated from the main corporate network, often by an "air gap," to prevent corruption (Compl. ¶¶77, 82). The process is governed by "protection policies" set by the financial institution to define what data is considered critical and must be vaulted (Compl. ¶88). A diagram in the complaint illustrates this architecture, showing data moving from a "Production Environment" to a "Data Vault Environment" via a "Secure Replication" process across an "Air-gap" (Compl. p. 33). The complaint frames the adoption of this technology as a critical, industry-wide response to the growing threat of cyberattacks on the financial sector (Compl. ¶¶63-66).

IV. Analysis of Infringement Allegations

9,015,301 Infringement Allegations

Claim Element (from Independent Claim 25) Alleged Infringing Functionality Complaint Citation Patent Citation
a method of organizing and processing data in a distributed computing system having select content important to an enterprise operating said distributed computing system and represented by one or more predetermined words, characters, images, data elements or data objects... The accused systems manage and protect critical customer financial account data for EagleBank (the enterprise), which is represented by data elements (Compl. ¶¶102, 104). The complaint presents a diagram illustrating the distributed network architecture of such a system (Compl. p. 53). ¶102, ¶104 col. 3:17-25
providing, in said distributed computing system, a plurality of select content data stores operative with a plurality of designated categorical filters which stores are operatively coupled over a communications network; The accused systems provide a "data vault" which functions as a plurality of data stores (e.g., for Backup, Copy, Lock, and Analyze) and operates with "protection policies" which are alleged to be the claimed categorical filters (Compl. ¶¶107, 109). ¶107, ¶109 col. 13:31-41
activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content and associated select content, which associated select content is at least one of contextually associated select content and taxonomically associated select content, as aggregated select content; The systems activate "protection policies" (filters) to extract critical financial account information. This extracted information is allegedly associated contextually or taxonomically through the use of aggregated tags and metadata (Compl. ¶¶111, 113). ¶111, ¶113 col. 13:42-48
storing said aggregated select content for said at least one categorical filter in said corresponding select content data store; The aggregated select content (e.g., critical account data) is stored in the "data vault," which is the corresponding data store (Compl. ¶¶115-116). ¶115, ¶116 col. 13:49-51
associating at least one data process from the group of data processes including a copy process, a data extract process, a data archive process, a data distribution process and a data destruction process; Compliant systems associate data processes such as copying, archiving, and extracting data with the select content as part of the backup and vaulting policies established by the enterprise (Compl. ¶¶118-119). ¶118, ¶119 col. 13:54-60
applying the associated data process to a further data input based upon a result of said further data being processed by said activated categorical filter utilizing said aggregated select content data... Once a protection policy is established, all subsequent data inputs are processed in the same way, automatically applying the associated backup/archiving process (Compl. ¶¶121, 123). ¶121, ¶123 col. 13:61-67
wherein activating a designated categorical filter encompasses an automatic activation or a manual activation and said automatic activation is time-based, distributed computer system condition-based, or event-based. The accused systems perform processing automatically at a designated time interval (e.g., nightly backups), upon a designated condition (e.g., detection of new data), or manually (Compl. ¶¶125-127). ¶125, ¶127 col. 14:1-5
  • Identified Points of Contention:
    • Scope Questions: A central question may be whether the "protection policies" used in Sheltered Harbor systems, which the complaint describes as filtering based on criteria like "VM Folder Name" (Compl. ¶89), fall within the scope of "categorical filters" as described in the patent. The defense may argue that the patent teaches content-aware filters (e.g., taxonomic, contextual) that are technically distinct from the metadata-based filtering of the accused systems.
    • Technical Questions: The analysis may focus on whether the accused systems truly perform the claimed step of "applying the associated data process to a further data input based upon a result of said further data being processed." The complaint alleges this occurs automatically once a policy is set (Compl. ¶123), but it raises the question of what "result" from the processing is used to trigger the application of the data process to subsequent inputs.

9,734,169 Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
A method of organizing and processing data in a distributed cloud-based computing system... said method comprising: providing in said distributed cloud-based computing system: (i) a plurality of select content data stores for respective ones of a plurality of security designated data; and (ii) a plurality of granular data stores; and (iii) a cloud-based server, each select content data store having respective access controls thereat; The accused systems are allegedly cloud-based and provide a "data vault" (the select content data stores) and production/backup workloads (the granular data stores) (Compl. ¶¶133, 135, 140, 142). The complaint includes a diagram of the Dell system's "Production Environment" and separate "CR Vault," which are alleged to map to these limitations (Compl. p. 70). ¶133, ¶140, ¶142 col. 132:15-26
(with respect to data processed by said cloud-based system) extracting and storing said security designated data in respective select content data stores; The systems extract critical financial account information (security designated data) and store it in the secure data vault (the select content data stores) (Compl. ¶146). ¶146 col. 132:32-34
parsing remainder data not extracted from data processed by said cloud-based system and storing the parsed data in respective granular data stores; The complaint alleges that non-extracted "remainder data" is stored in the production and backup systems (the granular data stores) on the production side of the air gap (Compl. ¶¶154-155). ¶154, ¶155 col. 132:40-43
withdrawing some or all of said security designated data and said parsed data from said respective data stores only in the presence of said respective access controls applied thereto. Access to the data vault for restoration requires satisfaction of strict security measures and access controls, including multi-factor authentication. The data is withdrawn to a "restoration platform" only when these controls are met (Compl. ¶¶160-161). ¶160, ¶161 col. 132:44-48
  • Identified Points of Contention:
    • Scope Questions: The applicability of the term "cloud-based computing system" to the accused architecture may be a key issue. While the complaint notes some compliant systems can be deployed on public clouds (Compl. ¶135), the core architecture is described as an isolated, air-gapped vault. The defense could argue this is a private, on-premise system, not a "cloud-based" one as understood in the art and required by the claim.
    • Technical Questions: It may be disputed whether the routine backup of non-extracted data to production systems constitutes "parsing remainder data" as claimed. The complaint's theory appears to equate standard backup storage with the specific "parsing and storing" step, which raises the question of whether any technical parsing operation, as taught in the patent, actually occurs on the remainder data in the accused systems.

V. Key Claim Terms for Construction

For the ’301 Patent

  • The Term: "categorical filters"
  • Context and Importance: This term is foundational to the infringement theory for the '301 patent. The case may hinge on whether the "protection policies" of the accused systems, which filter data based on system metadata, fall within the patent's definition. Practitioners may focus on this term because the complaint's examples of accused filtering (e.g., "VM Folder Name") may differ from the patent's emphasis on content-level analysis.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The patent states that the purpose of the filters is to obtain "enterprise designated select content" (’301 Patent, col. 12:53-56), suggesting the definition could be functional and encompass any filter that achieves this enterprise-defined selection. Claim 25 itself does not limit the filters to being content-based.
    • Evidence for a Narrower Interpretation: The specification repeatedly provides specific examples, describing the filters as "content-based filters, contextual filters and taxonomic classification filters" (’301 Patent, col. 13:33-35). The detailed description focuses heavily on using semantic and taxonomic analysis, which could support a narrower construction limited to content-aware filtering.

For the ’169 Patent

  • The Term: "parsing remainder data"
  • Context and Importance: This is a crucial active step of Claim 1. The complaint alleges that storing non-extracted data in production and backup systems satisfies this element (Compl. ¶¶154-155). The viability of this infringement theory depends on how broadly "parsing" is defined.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The patent does not provide a specific definition for "parsing" in the summary or claims, which could allow for an argument that it covers any form of processing or organizing data for storage, including standard backup procedures.
    • Evidence for a Narrower Interpretation: The detailed description of the parent '301 patent, incorporated by reference, describes parsing in the context of breaking data into "granular pieces" for security and reconstitution (’301 Patent, col. 15:58-16:24). This may suggest that "parsing" requires more than simply copying a file to a backup location and implies a specific method of data decomposition.

VI. Other Allegations

  • Indirect Infringement: The complaint does not contain separate counts for indirect infringement. The allegations are focused on direct infringement by EagleBank as the entity that "makes, owns, operates, uses, or otherwise exercises control over" the accused systems (Compl. ¶97).
  • Willful Infringement: The complaint alleges willful infringement based on two theories of notice. First, it alleges post-suit knowledge from the service of the complaint itself. Second, it alleges pre-suit knowledge dating back to at least September 30, 2014, based on arguments allegedly made during the prosecution of Defendant's own patent applications that referenced the Plaintiff's patents. The complaint further alleges willful blindness, stating Defendant has a policy of not reviewing patents of others (Compl. ¶¶232-233).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of definitional scope: can the term "categorical filter," which the patents describe using content-aware, taxonomic, and contextual examples, be construed broadly enough to cover the "protection policies" of the accused systems, which appear to operate on system-level metadata such as file location or virtual machine tags?
  • A second key issue will be one of technical operation: does the standard process of creating an isolated data backup, as performed by the "Sheltered Harbor" compliant systems, meet the specific, active process steps recited in the claims, such as "parsing remainder data" and "applying the associated data process to a further data input based upon a result"?
  • The allegation of willfulness based on pre-suit notice from the defendant's own patent prosecution activities presents a critical question of fact. The court will need to determine whether references made in a patent application constitute the kind of actual knowledge of infringement required to support a finding of willful infringement.