DCT

8:25-cv-00002

Digital Doors Inc v. Sandy Spring Bank

Log In
Key Events
Complaint
complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 8:25-cv-00002, D. Md., 01/01/2025
  • Venue Allegations: Plaintiff alleges venue is proper in the District of Maryland because Defendant maintains a regular and established business presence in the district and specifically targets customers located there.
  • Core Dispute: Plaintiff alleges that Defendant’s data backup and disaster recovery systems, which are compliant with the financial industry's "Sheltered Harbor" standard, infringe four patents related to methods for filtering, securing, and storing sensitive data in a distributed computing environment.
  • Technical Context: The technology relates to secure data management, specifically the extraction of critical data from larger datasets for isolated, secure storage and subsequent reconstruction, a practice critical for disaster recovery in the financial sector.
  • Key Procedural History: The complaint alleges the inventions overcame numerous deficiencies in the state of the art as of the 2007 priority date. It frames the financial industry's collective development of the Sheltered Harbor standard beginning in 2015 as evidence of the patents' non-obviousness and unconventionality.

Case Timeline

Date Event
2007-01-05 Earliest Priority Date for all Asserted Patents
2015-04-21 U.S. Patent No. 9,015,301 Issues
2015-01-01 Sheltered Harbor initiative launched
2017-08-15 U.S. Patent No. 9,734,169 Issues
2019-01-15 U.S. Patent No. 10,182,073 Issues
2019-04-02 U.S. Patent No. 10,250,639 Issues
2025-01-01 Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 9,015,301 - "Information Infrastructure Management Tools with Extractor, Secure Storage, Analysis and Classification and Method Therefor"

  • Patent Identification: U.S. Patent No. 9,015,301, "Information Infrastructure Management Tools with Extractor, Secure Storage, Analysis and Classification and Method Therefor," issued April 21, 2015.

The Invention Explained

  • Problem Addressed: The patent describes a need for improved data management in open enterprise ecosystems where sensitive information is vulnerable. Conventional systems were allegedly inefficient at classifying unstructured content, managing data over its lifecycle, and securing granular pieces of data within larger files (Compl. ¶27; ’301 Patent, col. 1:31-2:61).
  • The Patented Solution: The invention provides a method and system for organizing and processing data by using a plurality of filters (e.g., content-based, contextual, taxonomic) to identify and extract "select content" from a data stream. This extracted content is then associated with specific data processes (like copying or archiving) and stored in corresponding data stores, separate from the remaining data, thereby enhancing security and management ('301 Patent, Abstract; col. 3:17-4:14).
  • Technical Importance: This approach shifted data management from a file-based paradigm to a content-based one, allowing for more granular control over sensitive information within both structured and unstructured data formats (Compl. ¶27).

Key Claims at a Glance

  • The complaint asserts independent claim 25 (Compl. ¶101).
  • Essential elements of Claim 25 include:
    • Providing a plurality of select content data stores operative with designated categorical filters.
    • Activating at least one filter and processing a data input to obtain select content that is contextually or taxonomically associated.
    • Storing the aggregated select content in a corresponding data store.
    • Associating at least one data process (e.g., copy, extract, archive) with the activated filter.
    • Applying the associated data process to a further data input.
    • Activating the filter automatically (based on time, system condition, or event) or manually.
  • The complaint does not explicitly reserve the right to assert dependent claims for this patent.

U.S. Patent No. 9,734,169 - "Digital Information Infrastructure and Method for Securing Designated Data and With Granular Data Stores"

  • Patent Identification: U.S. Patent No. 9,734,169, "Digital Information Infrastructure and Method for Securing Designated Data and With Granular Data Stores," issued August 15, 2017.

The Invention Explained

  • Problem Addressed: The patent addresses security risks in networked computer systems where information is shared among partners, customers, and vendors. Specifically, it notes the difficulty of managing access to sensitive information throughout its lifecycle and the risk of unauthorized access in open systems (’169 Patent, col. 1:60-2:34).
  • The Patented Solution: The invention describes a distributed, cloud-based computing system for processing data. The system uses a processor to select data based on predetermined criteria and provides pluralities of "select content data stores" and "granular data stores," each with respective access controls. The system extracts security-designated data, stores it in the select content stores, and parses the remaining "remainder data" for storage in the granular data stores, allowing for controlled withdrawal and reconstruction (’169 Patent, Abstract).
  • Technical Importance: This architecture provides a method for segregating sensitive data into secure, access-controlled stores while leaving non-sensitive data in more accessible granular stores, improving security in a cloud-based environment (Compl. ¶133).

Key Claims at a Glance

  • The complaint asserts independent claim 1 (Compl. ¶132).
  • Essential elements of Claim 1 include:
    • Providing a distributed cloud-based computing system with select content data stores, granular data stores, and a cloud-based server, all coupled over a network.
    • Extracting and storing security designated data in the select content data stores.
    • Activating a select content data store to permit access based on access controls.
    • Parsing remainder data not extracted and storing it in the granular data stores.
    • Withdrawing security designated data and parsed data from their respective stores based on access controls.
  • The complaint does not explicitly reserve the right to assert dependent claims for this patent.

U.S. Patent No. 10,182,073 - "Information Infrastructure Management Tools with Variable and Configurable Filters and Segmental Data Stores"

  • Patent Identification: U.S. Patent No. 10,182,073, "Information Infrastructure Management Tools with Variable and Configurable Filters and Segmental Data Stores," issued January 15, 2019.
  • Technology Synopsis: This patent describes an information infrastructure that processes data using a plurality of filters. It focuses on identifying sensitive and select content with initially configured filters, and then altering those filters (e.g., expanding or contracting their scope) to generate modified filters for organizing further data throughput (’073 Patent, Abstract; Compl. ¶¶ 169, 187-190).
  • Asserted Claims: Claim 1 (Compl. ¶168).
  • Accused Features: The accused systems allegedly infringe by using and modifying "protection policies" (i.e., filters) to define what data is extracted and vaulted, thereby altering the data throughput (Compl. ¶¶ 188, 191).

U.S. Patent No. 10,250,639 - "Information Infrastructure Management Processing Tools for Processing Data Flow with Distribution Controls"

  • Patent Identification: U.S. Patent No. 10,250,639, "Information Infrastructure Management Processing Tools for Processing Data Flow with Distribution Controls," issued April 2, 2019.
  • Technology Synopsis: This patent discloses a method of "sanitizing" data by processing it through configurable filters. The system extracts sensitive content based on sensitivity levels and security clearances, stores it in secure "extract data stores," and uses content, contextual, and taxonomic filters to "inference" the sanitized data (’639 Patent, Abstract; Compl. ¶¶ 199, 223).
  • Asserted Claims: Claim 16 (Compl. ¶198).
  • Accused Features: The accused systems allegedly infringe by extracting critical financial account data (sensitive content) for storage in a secure vault, thereby creating sanitized versions of the data, and by using filters to analyze or "inference" that content (Compl. ¶¶ 220, 226).

III. The Accused Instrumentality

Product Identification

  • The "Accused Instrumentalities" are identified as the data processing and security systems and methods that Defendant Sandy Spring Bank makes, owns, operates, or controls, which are compliant with the "Sheltered Harbor" specification or its operational equivalent (Compl. ¶97).

Functionality and Market Context

  • The complaint alleges that Sheltered Harbor is an industry-wide standard for financial institutions to protect critical customer account data from catastrophic events like cyberattacks (Compl. ¶63). The core functionality involves extracting critical account data, converting it to a standard format, and storing it in a secure, isolated, immutable, and "air-gapped" data vault (Compl. ¶¶ 70, 77). This allows for the data to be restored and for basic banking services to resume even if primary and backup systems fail (Compl. ¶71). The complaint provides a diagram from a Dell technical brief illustrating this architecture, which separates a "Production Environment" from a "Data Vault Environment" via a secure, air-gapped replication process (Compl. ¶73, p. 33).
  • The complaint alleges these systems are critical for maintaining customer confidence and regulatory compliance in the financial services industry (Compl. ¶¶ 63, 96).

IV. Analysis of Infringement Allegations

U.S. Patent No. 9,015,301 Infringement Allegations

Claim Element (from Independent Claim 25) Alleged Infringing Functionality Complaint Citation Patent Citation
a method of organizing and processing data in a distributed computing system... Defendant's systems are alleged to be distributed computing systems that manage and protect sensitive customer financial data. ¶102 col. 3:17-20
providing, in said distributed computing system, a plurality of select content data stores operative with a plurality of designated categorical filters... The accused Sheltered Harbor systems allegedly use a "data vault" with multiple data stores, which are operative with "protection policies" that act as categorical filters to identify critical business services and customer account data. ¶¶107-109 col. 3:34-40
activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content and associated select content, which associated select content is at least one of contextually associated select content and taxonomically associated select content, as aggregated select content The accused systems allegedly activate protection policies (filters) to extract critical financial data, which is contextually or taxonomically associated through the use of metadata tags that group assets. ¶¶111-113 col. 4:1-6
storing said aggregated select content for said at least one categorical filter in said corresponding select content data store The extracted critical account data is allegedly stored in corresponding storage units within the secure data vault. The complaint references a diagram showing various data stores within a "Cyber Recovery Vault," including for backup, copy, and analysis (Compl. ¶108, p. 55). ¶115 col. 4:6-9
for said activated categorical filter, associating at least one data process from the group of data processes including a copy process, a data extract process, a data archive process, a data distribution process and a data destruction process The accused systems allegedly associate data processes, such as backing up (copying) and vaulting (archiving) critical data, with the selected content. ¶119 col. 3:41-47
applying the associated data process to a further data input... Once a protection policy is established, all subsequent data inputs are allegedly processed in the same way, such as through nightly backups to the designated storage unit. ¶123 col. 4:10-14
activating a designated categorical filter, which encompasses an automatic activation...and said automatic activation is time-based, distributed computer system conditionbased, or event-based The accused systems allegedly perform backups automatically on a time-based schedule (e.g., nightly) or upon the detection of new or modified data assets. ¶¶125, 126 col. 13:46-52
  • Identified Points of Contention:
    • Scope Questions: A central question may be whether an industry-specific disaster recovery protocol like Sheltered Harbor, designed to vault entire sets of critical account data, constitutes the "organizing and processing" of data using "categorical filters" as described in the patent. The defense may argue that Sheltered Harbor is a bulk backup system, not a granular filtering tool.
    • Technical Questions: The complaint's assertion that metadata tagging in the accused system constitutes "contextually associated" and "taxonomically associated" content as claimed may be a point of dispute. The court may need to determine if the alleged tagging performs the classification function described in the patent's specification.

U.S. Patent No. 9,734,169 Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
a method of organizing and processing data in a distributed cloud-based computing system... The accused systems are alleged to be deployable in cloud environments (e.g., AWS, Azure) and to constitute a distributed, cloud-based system. ¶¶133, 135 col. 3:28-31
providing... (i) a plurality of select content data stores... (ii) a plurality of granular data stores; and (iii) a cloud-based server... The accused architecture allegedly includes a secure data vault (select content stores) and production/backup systems (granular data stores), which can be implemented with cloud-based components. The complaint includes a diagram showing distinct "Data Center" and "Cyber Recovery Vault" environments as the claimed data stores (Compl. ¶140, p. 72). ¶¶139, 142 col. 3:35-43
extracting and storing said security designated data in respective select content data stores The accused systems allegedly extract critical financial account data and store it in the secure, air-gapped data vault. ¶146 col. 4:18-20
activating at least one of said select content data stores...thereby permitting access to said select content data stores...based upon an application of one or more of said access controls thereat The data vault is allegedly protected by strict access controls, such as multi-factor authentication, which must be satisfied to permit access for data restoration. ¶¶151, 152 col. 4:21-26
parsing remainder data not extracted... and storing the parsed data in respective granular data stores Data not extracted for the vault (remainder data) allegedly remains stored in the production and backup systems (granular data stores). ¶¶154, 155 col. 4:27-30
withdrawing some or all of said security designated data and said parsed data from said respective data stores only in the presence of said respective access controls... Data is allegedly withdrawn from the vault and production systems for restoration only after satisfying strict security and access control protocols. ¶160 col. 4:34-39
  • Identified Points of Contention:
    • Scope Questions: A key dispute may arise over the definition of "cloud-based." The defense could argue that the core feature of the accused system—an "air-gapped" vault—is antithetical to the conventional understanding of an interconnected, cloud-based system. The complaint's assertion that the systems are merely "deployable" in the cloud may be scrutinized.
    • Technical Questions: The claim requires "parsing remainder data" and storing it. The court will likely examine whether simply leaving non-extracted data in its original production environment qualifies as the active steps of "parsing" and "storing" remainder data as recited in the claim.

V. Key Claim Terms for Construction

For the ’301 Patent

  • The Term: "categorical filters"

  • Context and Importance: This term is the central mechanism of the invention. Its construction will determine whether the "protection policies" and data selection rules of the accused Sheltered Harbor systems, which identify broad categories of critical data (e.g., all customer account information), fall within the scope of the claim.

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: The specification states that designated categorical filters are used to "store select content relative to the category in certain SC stores," and lists broad enterprise policies like "customer privacy policy" and "financial data handling policy" as examples (’301 Patent, col. 11:56-65). This may support a construction that includes high-level policy-based rules.
    • Evidence for a Narrower Interpretation: The specification also describes filters in more granular terms, such as "content-based filters, contextual filters and taxonomic classification filters" (’301 Patent, col. 13:35-37). The detailed description of these filters focuses on specific keywords, classifications, and contextual relationships, which may support a narrower construction requiring more than just a bulk data category selection.

  • The Term: "contextually associated select content and taxonomically associated select content"

  • Context and Importance: Plaintiff's infringement theory relies on mapping this limitation to the use of metadata and tags in the accused systems. The viability of this theory depends on whether simple tagging is sufficient to meet this claim element.

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: The patent does not appear to strictly define these terms, leaving room to argue they should be given their plain and ordinary meaning, which could encompass any method of grouping data by context (e.g., all files in a "finance" folder) or by a classification scheme (e.g., tagging).
    • Evidence for a Narrower Interpretation: The specification provides specific examples, explaining that a "hierarchical taxonomic system can be established by reviewing the label descriptions on the structured data and then expanding class definitions with the use of the Knowledge Expander (KE) search engine" (’301 Patent, col. 10:22-26). This may suggest a more complex, structured classification is required than simple metadata tagging.

For the ’169 Patent

  • The Term: "distributed cloud-based computing system"
  • Context and Importance: This term is fundamental to Claim 1. The accused Sheltered Harbor systems are defined by their "air-gapped" and isolated nature. The construction of "cloud-based" will be critical to determining if such a deliberately disconnected architecture can infringe.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The patent does not provide a specific definition, which may allow Plaintiff to argue that any system using cloud infrastructure components or that is deployable in a cloud environment meets the definition, regardless of operational connectivity.
    • Evidence for a Narrower Interpretation: The common understanding of "cloud-based" implies network accessibility. The specification discusses a system with a server operatively coupled to client computers over a communications network, which may support an interpretation requiring more persistent connectivity than the isolated, air-gapped vault architecture alleged to be used by the Defendant (’169 Patent, col. 43:35-44:11).

VI. Other Allegations

  • Willful Infringement: The complaint alleges that Defendant has been on notice of the patents at least since the filing of the complaint. It further alleges, in the alternative, that Defendant had notice as early as September 30, 2014, due to prosecution of its own patent applications. The complaint also alleges Defendant has a policy of not reviewing the patents of others, and thus has been willfully blind to Plaintiff's patent rights (Compl. ¶¶ 232-233).

VII. Analyst’s Conclusion: Key Questions for the Case

  • Definitional Scope: A core issue will be whether the terminology of the patents, which describes granular data filtering and classification, can be construed to read on the accused systems, which implement the Sheltered Harbor standard—a macro-level, industry-wide protocol for backing up entire categories of critical financial data for disaster recovery. The case may turn on whether a "protection policy" to "vault all critical account data" is equivalent to a "categorical filter" for obtaining "select content."
  • Architectural Mismatch: A key technical question will be whether the accused "air-gapped" data vault architecture, which is prized for its electronic isolation, can be considered a "cloud-based computing system" as required by the ’169 Patent. The resolution may depend on whether the system's potential for cloud deployment is sufficient, or if its fundamental operational principle of disconnection takes it outside the claim's scope.
  • Functional Equivalence: The infringement allegations for the '073 and '639 patents will raise questions of functional equivalence. For the '073 patent, a court will need to determine if modifying a backup policy in the accused system performs the claimed steps of "altering...filters" and "generating modified configured filters." For the '639 patent, the question will be whether the act of extracting and vaulting critical data constitutes the claimed method of "sanitizing" and "inferencing" data.