DigitalDoors Inc v. Flushing Bank

I. Executive Summary and Procedural Information

• Parties & Counsel:
  • Plaintiff: DigitalDoors, Inc. (Florida)
  • Defendant: Flushing Bank (New York)
  • Plaintiff’s Counsel: Lucosky Brookman, LLP; Hoffberg & Associates
• Case Identification: 2:25-cv-01895, E.D.N.Y., 04/07/2025
• Venue Allegations: Plaintiff alleges venue is proper because Defendant maintains a regular and established business presence in the Eastern District of New York and targets customers within the district.
• Core Dispute: Plaintiff alleges that Defendant’s data backup and disaster recovery systems, which are alleged to be compliant with the Sheltered Harbor financial industry standard, infringe four patents related to methods for securely processing, filtering, and storing sensitive data in distributed computing systems.
• Technical Context: The technology concerns granular, content-aware data security, where specific sensitive information is identified and extracted from larger data streams for separate, secure storage, enabling controlled reconstruction for disaster recovery—a critical function for financial institutions.
• Key Procedural History: The complaint frames the dispute around a timeline, alleging the patents’ 2007 priority date predates by many years the financial industry's 2015 development of the accused Sheltered Harbor standard, which Plaintiff offers as evidence of the patents' non-obvious and unconventional nature. The complaint also asserts the patents are "pioneering" and have been cited as prior art in hundreds of subsequent patent applications by major technology and financial companies.

Case Timeline

Date	Event
2007-01-05	Earliest Priority Date for all Patents-in-Suit
2015-04-21	U.S. Patent No. 9,015,301 Issued
2015-01-01	Sheltered Harbor financial industry initiative launched
2017-08-15	U.S. Patent No. 9,734,169 Issued
2019-01-15	U.S. Patent No. 10,182,073 Issued
2019-04-02	U.S. Patent No. 10,250,639 Issued
2025-04-07	Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 9,015,301: Information Infrastructure Management Tools with Extractor, Secure Storage, Content Analysis and Classification and Method Therefor (Issued April 21, 2015)

The Invention Explained

• Problem Addressed: The patent describes a state of the art where enterprises could not effectively manage or secure sensitive information at the content level, particularly within unstructured data files in "open ecosystems" vulnerable to numerous access points (Compl. ¶¶30-32; ’301 Patent, col. 1:31-2:27). Existing security was file-based, not content-based, and lacked sophisticated semantic or taxonomic analysis capabilities (’301 Patent, col. 1:39-55).
• The Patented Solution: The invention proposes a method for organizing and processing data by using a plurality of "categorical filters" (e.g., content-based, contextual, taxonomic) to analyze a data input, identify "select content" of importance to the enterprise, and extract it ('301 Patent, Abstract). This extracted content is stored in designated data stores, and specific data processes (e.g., copy, archive, distribution, destruction) are associated with the activated filter, allowing for granular, policy-driven control over the information itself rather than just the file containing it (’301 Patent, col. 3:17-4:35).
• Technical Importance: This approach represented a shift from managing data files to managing the sensitive content within them, enabling more granular and robust security architectures (Compl. ¶12).

Key Claims at a Glance

• The complaint asserts independent claim 25 (Compl. ¶99).
• The essential elements of claim 25 include:
  • A method of organizing and processing data in a distributed computing system for an enterprise.
  • Providing a plurality of select content data stores operative with designated categorical filters.
  • Activating at least one categorical filter and processing a data input to obtain select content.
  • Storing the aggregated select content in a corresponding data store.
  • Associating at least one data process (from a group including copy, extract, archive, distribution, and destruction) with the activated filter.
  • Applying the associated data process to a further data input.
  • The filter activation is automatic (time-based, condition-based, or event-based) or manual.
• The complaint does not explicitly reserve the right to assert dependent claims.

U.S. Patent No. 9,734,169: Digital Information Infrastructure and Method for Securing Designated Data and With Granular Data Stores (Issued August 15, 2017)

The Invention Explained

• Problem Addressed: The patent addresses the need for secure data storage and controlled access in distributed, cloud-based computing systems, where data is vulnerable if stored monolithically (’169 Patent, col. 16:30-47).
• The Patented Solution: The invention discloses a method for a distributed cloud-based system that separates sensitive data from non-sensitive data. It involves providing distinct data stores for "security designated data" and "granular data stores" for remainder data, coupled to a cloud-based server (’169 Patent, Abstract). The process involves extracting sensitive data and storing it in the secure select content stores, while "parsing remainder data" and storing it separately in the granular stores. Access to the sensitive data is then permitted only through the application of access controls, and data can be withdrawn for reconstruction (’169 Patent, col. 3:28-4:18).
• Technical Importance: The claimed architecture provides enhanced security by physically or logically separating sensitive data extracts from the less-sensitive remainder, reducing the risk of a comprehensive breach (Compl. ¶¶131-132, 137).

Key Claims at a Glance

• The complaint asserts independent claim 1 (Compl. ¶130).
• The essential elements of claim 1 include:
  • A method of organizing and processing data in a distributed cloud-based computing system.
  • Providing a plurality of select content data stores for security-designated data, a plurality of granular data stores, and a cloud-based server.
  • Extracting and storing security-designated data in the select content data stores.
  • Activating a data store to permit access based on access controls.
  • Parsing remainder data not extracted and storing it in the granular data stores.
  • Withdrawing data from the respective stores only in the presence of the access controls.
• The complaint does not explicitly reserve the right to assert dependent claims.

Multi-Patent Capsule: U.S. Patent No. 10,182,073

• Patent Identification: U.S. Patent No. 10,182,073, “Information Infrastructure Management Tools with Variable and Configurable Filters and Segmental Data Stores,” issued January 15, 2019.
• Technology Synopsis: This patent addresses the need for a dynamic and adaptable data filtering system. It claims a method for creating an information infrastructure where initially configured filters, used to identify and separate sensitive content, can be altered by expanding, contracting, or reclassifying their parameters to manage subsequent data throughput dynamically (’073 Patent, Abstract; col. 1:55-2:18).
• Asserted Claims: Claim 1 (Compl. ¶166).
• Accused Features: The complaint accuses systems that allow an enterprise to define, run, and modify existing protection policies, thereby altering the filtering rules for ongoing data backup and recovery operations (Compl. ¶¶182-185).

Multi-Patent Capsule: U.S. Patent No. 10,250,639

• Patent Identification: U.S. Patent No. 10,250,639, “Information Infrastructure Management Data Processing Tools for Processing Data Flow with Distribution Controls,” issued April 2, 2019.
• Technology Synopsis: This patent describes a method for "sanitizing" data based on multiple sensitivity levels and associated security clearances. The process involves extracting sensitive content, storing it in secure extract stores corresponding to its sensitivity level, and storing the non-extracted remainder data separately. The invention further claims using filters (content, contextual, taxonomic) to "inference" the sanitized data for analysis (’639 Patent, Abstract; col. 4:26-4:66).
• Asserted Claims: Claim 16 (Compl. ¶193).
• Accused Features: The accused systems are alleged to perform data sanitization by extracting critical account data (sensitive content) into a secure vault, leaving the remainder data in the production environment, and then applying analytics (inferencing) to the vaulted data (Compl. ¶¶216-217, 222).

III. The Accused Instrumentality

• Product Identification: The "Accused Instrumentalities" are identified as the data backup and disaster recovery systems and methods owned, operated, or controlled by Defendant Flushing Bank (Compl. ¶96). The complaint specifies that these systems are compliant with the Sheltered Harbor financial industry specification or are "substantially equivalent" in functionality (Compl. ¶96).
• Functionality and Market Context: The complaint alleges the accused systems implement the Sheltered Harbor standard, which requires financial institutions to protect critical customer account data for disaster recovery (Compl. ¶63). This is allegedly achieved by extracting the critical data, converting it into a standardized format, and storing it in a secure, immutable, and isolated "data vault" (Compl. ¶¶70, 77). This vault is "air-gapped" from production and backup networks to protect against cyberattacks (Compl. ¶77). The complaint uses Dell's PowerProtect Cyber Recovery for Sheltered Harbor as an "exemplary system" that embodies the accused functionality, noting its architecture includes a "Production Environment" and a separate, isolated "Data Vault Environment" connected by a logical air gap (Compl. ¶¶72, 81-82). A diagram from Dell's marketing materials illustrates this separation of production data from the replicated, vaulted data that undergoes "Sheltered Harbor Processes" (Compl. ¶73, p. 31). The complaint asserts that Sheltered Harbor certification is an industry standard required by regulators to ensure public confidence and business continuity (Compl. ¶95).

IV. Analysis of Infringement Allegations

U.S. Patent No. 9,015,301 Infringement Allegations

Claim Element (from Independent Claim 25)	Alleged Infringing Functionality	Complaint	Patent
providing, in said distributed computing system, a plurality of select content data stores operative with a plurality of designated categorical filters...	The accused systems provide a "data vault," which is an ultra-secure environment comprising multiple data stores (e.g., for backup, copy, lock, and analysis) that house content derived from designated categorical filters established by the enterprise's "protection policy."	¶¶105-107	col. 13:25-31
activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content and associated select content, which associated select content is at least one of contextually associated select content and taxonomically associated select content, as aggregated select content...	The accused systems activate "protection policies" (filters) to extract critical financial account information. This extraction is allegedly based on contextual or taxonomic associations, such as grouping data using metadata tags implemented within the system.	¶¶109-111	col. 13:38-45
storing said aggregated select content for said at least one categorical filter in said corresponding select content data store...	The accused systems store the extracted critical account data (aggregated select content) in the secure data vault (the corresponding data store), which is encrypted, unchangeable, and separated from the main infrastructure.	¶¶113-114	col. 13:46-49
for said activated categorical filter, associating at least one data process from the group of data processes including a copy process, a data extract process, a data archive process, a data distribution process and a data destruction process...	Compliant systems associate data processes like copying, extracting, and archiving data with the selected content as part of managing the data backup and vaulting according to established policies.	¶¶116-117	col. 13:50-55
applying the associated data process to a further data input based upon a result of said further data being processed by said activated categorical filter...	Once a protection policy is established, all subsequent data inputs are processed in the same way, with the system creating a new storage unit to which all subsequent backups go.	¶¶119-121	col. 13:56-62
wherein activating said designated categorical filter encompasses an automatic activation or a manual activation and said automatic activation is time-based, distributed computer system condition-based, or event-based.	Processing allegedly occurs automatically at a designated time (e.g., nightly), upon a designated condition (e.g., detection of new data or modification of existing assets), or manually. A diagram from a Dell user guide shows options for scheduling reports based on filters, which the complaint uses to illustrate such activation (Compl. p. 89).	¶¶122-124	col. 13:63-14:3

• Identified Points of Contention:
  • Scope Questions: A central question may be whether the "protection policies" implemented in Sheltered Harbor-compliant systems, which are designed to "back up critical customer account data" (Compl. ¶91), are equivalent in scope to the "plurality of designated categorical filters" required by the claim. The defense may argue that the accused systems perform bulk data set backups, whereas the patent claims a more granular, content-aware filtering method.
  • Technical Questions: What evidence does the complaint provide that the accused systems perform "contextually associated" and "taxonomically associated" filtering? The complaint points to the use of metadata and "tag grouping" (Compl. ¶111), but the degree of technical overlap between this functionality and the detailed taxonomic classification systems described in the patent (e.g., '301 Patent, col. 10:22-32) will likely be a point of dispute.

U.S. Patent No. 9,734,169 Infringement Allegations

Claim Element (from Independent Claim 1)	Alleged Infringing Functionality	Complaint	Patent
a method... in a distributed cloud-based computing system...	The accused systems are allegedly cloud-based, with options for implementation on platforms like AWS, Azure, and Google Cloud, or are hybrid systems with operatively coupled cloud components.	¶¶131, 133, 143	col. 131:18-20
providing... (i) a plurality of select content data stores for respective ones of a plurality of security designated data; and (ii) a plurality of granular data stores; and (iii) a cloud-based server...	The accused systems provide a secure "data vault" (select content stores) and separate production/backup systems (granular data stores), which are operatively coupled. The complaint includes a diagram showing "Backup Workloads" in the data center as distinct from the "Cyber Recovery Vault" (Compl. p. 68).	¶¶137, 140-141	col. 131:21-27
with respect to data processed by said cloud-based system, extracting and storing said security designated data in respective select content data stores...	The accused systems extract critical financial data (security designated data) and store it in the secure, air-gapped data vault.	¶¶144-145	col. 131:33-36
activating at least one of said select content data stores... thereby permitting access... based upon an application of one or more of said access controls...	The complaint alleges that access to the data vault is protected by strict security measures, including multi-factor authentication and least-privilege access concepts.	¶¶149-150	col. 131:37-43
parsing remainder data not extracted from data processed by said cloud-based system and storing the parsed data in respective granular data stores...	The complaint alleges that non-extracted "remainder data" is stored in production and backup systems, which constitute the "granular data stores" outside the data vault.	¶¶152-153	col. 131:44-47
withdrawing some or all of said security designated data and said parsed data from said respective data stores only in the presence of said respective access controls applied thereto.	The purpose of the accused systems is to allow for emergency restoration of the vaulted data, which can only be withdrawn upon satisfaction of strict security and access control protocols.	¶¶158-159	col. 131:48-53

• Identified Points of Contention:
  • Scope Questions: Does the term "cloud-based computing system" read on the accused architecture, which the complaint itself describes as potentially involving an on-premises production environment and a separate vault that could be on-premises or provided by a remote service provider? (Compl. ¶¶80, 82). The definition of "cloud-based" may be a key construction issue.
  • Technical Questions: Does the accused system's act of leaving non-extracted data in the production environment constitute "parsing remainder data ... and storing the parsed data" as required by the claim? The defense may argue that the claim requires an active parsing and storing step for the remainder data, whereas the accused system simply leaves the original data in place.

V. Key Claim Terms for Construction

• The Term: "activating... categorical filters" ('301 Patent, Claim 25)

• Context and Importance: This term is central to the infringement theory. The case may turn on whether the accused "protection policies" of the Sheltered Harbor standard, which identify "critical customer account data" for backup, qualify as "categorical filters" under the patent's definition. Practitioners may focus on whether this term requires the sophisticated, multi-layered semantic and contextual analysis described in the specification, or if it can be read more broadly to cover rule-based data set identification.

• Intrinsic Evidence for Interpretation:

  • Evidence for a Broader Interpretation: The patent states that designated filters screen data for an enterprise based on policies such as "level of service policy, customer privacy policy, enterprise human resource policy," and others, suggesting the term is not limited to purely technical or syntactic rules (’301 Patent, col. 4:15-25).
  • Evidence for a Narrower Interpretation: The specification provides detailed examples of specific filter types, such as "content-based filters, contextual filters and taxonomic classification filters," which are described as being applied to data inputs (’301 Patent, col. 13:32-37). The detailed description of how these filters operate (e.g., using a Knowledge Expander search engine) could support a narrower construction limited to such advanced analytical tools.

• The Term: "distributed cloud-based computing system" ('169 Patent, Claim 1)

• Context and Importance: The applicability of the '169 Patent depends on whether the accused systems meet this definition. The complaint alleges the accused systems, which may involve on-premises hardware, are "cloud-based" (Compl. ¶133). The construction of this term will determine if that allegation is legally and factually viable.

• Intrinsic Evidence for Interpretation:

  • Evidence for a Broader Interpretation: The patent does not appear to provide an explicit definition of "cloud-based." A party could argue for the plain and ordinary meaning, which might encompass any system utilizing network-accessible, distributed resources, including hybrid on-premise/remote architectures.
  • Evidence for a Narrower Interpretation: The complaint itself uses diagrams of exemplary systems that depict distinct "Production" and "Vault" environments, which could be physically located on-premises (Compl. p. 34). A party might argue that the ordinary meaning of "cloud-based" implies third-party-hosted, on-demand infrastructure (e.g., AWS, Azure), which may not fully describe the accused systems.

VI. Other Allegations

• Indirect Infringement: The complaint does not contain specific counts for indirect infringement.
• Willful Infringement: The complaint alleges willful infringement based on two theories (Compl. ¶¶227-229). First, it alleges Defendant has been on notice of the patents since at least the date of service of the complaint. Second, it alleges pre-suit knowledge dating back to at least September 30, 2014, based on the patents-in-suit being cited during the prosecution of Defendant's own patent applications (Compl. ¶228). The complaint further alleges that Defendant has a "policy or practice of not reviewing the patents of others" and instructs its employees not to, constituting willful blindness (Compl. ¶229).

VII. Analyst’s Conclusion: Key Questions for the Case

• A central issue will be one of technical equivalence: Do the accused Sheltered Harbor-compliant systems, which are designed for the macro-level purpose of backing up pre-defined "critical data sets," perform the specific, granular, content-aware filtering, extraction, and processing steps required by the asserted claims? The court will likely have to determine whether the accused "protection policies" are technologically equivalent to the "categorical," "contextual," and "taxonomic" filters described in the patents.
• A key question will be one of claim scope and timing: Plaintiff's case is built on the narrative that its 2007-priority inventions were unconventional, with the financial industry’s later adoption of the accused Sheltered Harbor standard in 2015 serving as evidence of that novelty. The court will need to assess whether the claims, when properly construed, were in fact non-obvious in 2007, and whether they are broad enough to read on the industry-standard systems developed years later.
• A significant question for damages will be one of willfulness: The allegation that Defendant had pre-suit knowledge of the patents because they were cited during the prosecution of its own patent applications raises a critical factual issue. The court's determination of whether this constitutes pre-suit notice, especially when combined with an alleged policy of willful blindness, could substantially impact potential liability for enhanced damages.