DCT

1:25-cv-02891

DigitalDoors Inc v. Metropolitan Commercial Bank

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 1:25-cv-02891, S.D.N.Y., 04/08/2025
  • Venue Allegations: Plaintiff alleges venue is proper in the Southern District of New York because Defendant maintains a principal place of business, physical branch locations, and employees within the district, and targets its services to customers there.
  • Core Dispute: Plaintiff alleges that Defendant’s data backup and disaster recovery systems, which are asserted to be compliant with the financial industry’s "Sheltered Harbor" standards, infringe four patents related to methods for granularly filtering, extracting, and securely storing sensitive data in a distributed computing environment.
  • Technical Context: The technology at issue addresses secure data management and survivability, a critical concern for financial institutions facing sophisticated cybersecurity threats.
  • Key Procedural History: The complaint asserts that the patents-in-suit are "pioneering patents" that have been cited as relevant prior art in hundreds of subsequent U.S. patent applications from numerous technology and financial services companies.

Case Timeline

| Date | Event |
| --- | --- |
| 2007-01-05 | Earliest Priority Date for all Patents-in-Suit |
| 2015-01-01 | Sheltered Harbor initiative launched |
| 2015-04-21 | U.S. Patent No. 9,015,301 Issued |
| 2017-08-15 | U.S. Patent No. 9,734,169 Issued |
| 2019-01-15 | U.S. Patent No. 10,182,073 Issued |
| 2019-04-02 | U.S. Patent No. 10,250,639 Issued |
| 2025-04-08 | Complaint Filed |

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 9,015,301 - "Information Infrastructure Management Tools with Extractor, Secure Storage, Analysis and Classification and Method Therefor"

The Invention Explained

  • Problem Addressed: The patent describes a need to improve data security beyond conventional, file-based approaches. Prior art systems were allegedly deficient in managing unstructured data, classifying sensitive information based on its content, and protecting data throughout its lifecycle in vulnerable, open-network ecosystems (Compl. ¶¶28, 32; ’301 Patent, col. 1:31-38, 2:3-27).
  • The Patented Solution: The invention proposes a method of organizing and processing data by focusing on the content itself rather than the file containing it. It uses a system of "categorical filters" (e.g., content-based, contextual, taxonomic) to identify and extract important "select content" from a data stream. This extracted content is then stored in corresponding secure data stores, separate from the remainder of the data, and managed by associating it with specific data processes like copying, archiving, or destruction (’301 Patent, Abstract; col. 3:17-4:17).
  • Technical Importance: This content-centric approach to data security and management provided a more granular and flexible way to protect sensitive information compared to traditional perimeter or file-level security protocols (Compl. ¶¶27, 39).

Key Claims at a Glance

  • The complaint asserts infringement of at least independent claim 25 (Compl. ¶99).
  • The essential elements of Claim 25 include:
    • Providing a plurality of select content data stores operative with a plurality of designated categorical filters.
    • Activating a filter to process a data input and obtain select content.
    • Storing the aggregated select content in a corresponding data store.
    • Associating the activated filter with a data process (e.g., copy, extract, archive).
    • Applying that associated data process to a further data input.
    • Wherein the filter activation can be automatic (e.g., time-based, condition-based) or manual.
  • The complaint does not explicitly reserve the right to assert dependent claims.

U.S. Patent No. 9,734,169 - "Digital Information Infrastructure and Method for Security Designated Data and with Granular Data Stores"

The Invention Explained

  • Problem Addressed: The patent addresses the need for secure data management in a distributed, cloud-based computing environment where separating sensitive data for protection while maintaining access is a key challenge (’169 Patent, col. 1:29-2:25).
  • The Patented Solution: The invention describes a cloud-based system architecture for securely segmenting data. The method involves providing separate "select content data stores" for sensitive, security-designated data and "granular data stores" for the non-sensitive "remainder data." A cloud-based server manages the extraction of the sensitive data into its secure stores, while the remaining data is parsed and stored elsewhere, with access to both types of data controlled by strict protocols (’169 Patent, Abstract; Fig. 4).
  • Technical Importance: The patent provides a specific architectural framework for implementing secure data vaulting in a cloud or hybrid-cloud context, isolating critical assets from the bulk of an enterprise's data (Compl. ¶131).

Key Claims at a Glance

  • The complaint asserts infringement of at least independent claim 1 (Compl. ¶130).
  • The essential elements of Claim 1 include:
    • Providing, in a distributed cloud-based system, a plurality of select content data stores, a plurality of granular data stores, and a cloud-based server.
    • Providing a communications network coupling the stores and server.
    • Extracting and storing security-designated data in the select content data stores.
    • Activating the select content data stores to permit access based on access controls.
    • Parsing remainder data (not extracted) and storing it in the granular data stores.
    • Withdrawing data from any store only in the presence of applied access controls.
  • The complaint does not explicitly reserve the right to assert dependent claims.

U.S. Patent No. 10,182,073 - "Information Infrastructure Management Tools with Variable and Configurable Filters and Segmental Data Stores"

  • Technology Synopsis: This patent describes an information infrastructure where data throughput is processed using a plurality of filters. The invention focuses on identifying sensitive and select content with initially configured filters, and then specifically claims the steps of altering those filters (e.g., by expanding or contracting their scope) and then generating modified filters to organize subsequent data throughput (’073 Patent, Abstract; col. 132:1-20). This introduces an adaptive capability to the filtering process.
  • Asserted Claims: Claim 1 (Compl. ¶166).
  • Accused Features: The accused systems are alleged to infringe by using "protection policies" that define what data to extract and vault, and by providing a user interface that allows the enterprise to modify these policies, thereby altering the filtering rules over time (Compl. ¶¶183, 185-186).

U.S. Patent No. 10,250,639 - "Information Infrastructure Management Data Processing Tools for Data Flow with Distribution Controls"

  • Technology Synopsis: This patent details a method for "sanitizing" data in a distributed system. The method involves a system with multiple sensitivity levels, each with an associated security clearance. The process includes extracting sensitive content from a data input according to its sensitivity level, storing it in a corresponding secure "extract store," and leaving "remainder data." The invention also claims a step of "inferencing" the sanitized data using content, contextual, or taxonomic filters to obtain further classified data (’639 Patent, Abstract; col. 132:15-32).
  • Asserted Claims: Claim 16 (Compl. ¶193).
  • Accused Features: The accused systems allegedly implement multiple security levels through the use of priority filters and clearance-based access controls for vaulted data. The complaint alleges that the data analytics and scanning performed on data within the secure vault constitute the claimed "inferencing" step (Compl. ¶¶198, 222).

III. The Accused Instrumentality

Product Identification

  • The "Accused Instrumentalities" are the systems and methods for data processing and secure data vaulting used by Defendant Metropolitan Commercial Bank, which are alleged to be compliant with the "Sheltered Harbor" specification or a functional equivalent (Compl. ¶96). The complaint identifies the Dell PowerProtect Cyber Recovery for Sheltered Harbor solution as an exemplary system that satisfies the industry standard (Compl. ¶72).

Functionality and Market Context

  • The complaint alleges the accused systems create secure, segmented, and immutable backups of critical financial data in an isolated "data vault" to ensure business continuity after a catastrophic cyberattack (Compl. ¶¶70-71, 77). The Sheltered Harbor standard is described as an industry-driven initiative launched in 2015 to protect the U.S. financial system, with participants holding nearly three-quarters of U.S. deposit accounts (Compl. ¶¶63, 65). The complaint provides a diagram from a Dell solution brief illustrating the architecture, which includes a "Production Environment" and a separate, "Air-gapped" "Data Vault Environment" where replicated data is processed and locked (Compl. ¶73, p. 31). This visual depicts the separation of the secure vault from the primary operational network.

IV. Analysis of Infringement Allegations

'9,015,301 Infringement Allegations

| Claim Element (from Independent Claim 25) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
| --- | --- | --- | --- |
| a method of organizing and processing data in a distributed computing system having select content important to an enterprise... and represented by... predetermined words, characters, images, data elements or data objects | The Accused Instrumentalities are distributed computing systems used by the Defendant (the enterprise) to manage and protect critical customer financial account data (the select content) (Compl. ¶100, 102). | ¶¶100, 102 | col. 3:17-25 |
| providing, in said distributed computing system, a plurality of select content data stores operative with a plurality of designated categorical filters... | The Sheltered Harbor standard requires a "data vault" (select content data stores) which houses content derived from "protection policies" (designated categorical filters) established by the enterprise (Compl. ¶107). | ¶107 | col. 3:37-43 |
| activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content... | The systems activate protection policies (filters) to extract critical financial account information (select content) from the bank's data streams (data input) for protective vaulting (Compl. ¶¶110-111). | ¶¶110-111 | col. 4:1-5 |
| storing said aggregated select content... in said corresponding select content data store | The extracted critical account data is aggregated and stored in corresponding secure storage units within the data vault (Compl. ¶¶114-115). The complaint includes a diagram showing a "Data Vault" with various storage functions, including "Backup," "Copy," and "Lock" (Compl. ¶106, p. 51). | ¶¶114-115 | col. 4:5-10 |
| associating at least one data process from the group of data processes including a copy process, a data extract process, a data archive process... | The filtering process is associated with data processes such as copying, extracting, and archiving data in accordance with the Sheltered Harbor technical requirements and the enterprise's backup policies (Compl. ¶¶116-117). | ¶¶116-117 | col. 4:10-14 |
| applying the associated data process to a further data input... | Once a protection policy is established, all subsequent data inputs are processed in the same way, applying the same copy/archive process to all new data that matches the filter (Compl. ¶¶119-121). | ¶121 | col. 4:14-17 |
| activating a designated categorical filter, which encompasses an automatic activation... [that] is time-based, distributed computer system condition-based, or event-based | The processing of data backups occurs automatically on a designated time interval (nightly), upon a designated condition (detection of new data), or manually ("on demand") (Compl. ¶¶122-124). | ¶124 | col. 14:1-4 |
  • Identified Points of Contention:
    • Scope Questions: A primary question may be whether the "protection policies" used in the Sheltered Harbor standard, which are focused on identifying "critical financial information," meet the claim definition of "designated categorical filters," which the patent specification describes as including contextual and taxonomic types (’301 Patent, col. 3:41-43). The defense may argue that a policy to "back up all account data" is not the kind of granular, content-aware filter contemplated by the patent.
    • Technical Questions: Claim 25 requires "applying the associated data process to a further data input based upon a result of said further data being processed." The complaint alleges this is met by applying the same policy to all subsequent backups (Compl. ¶121). The court may need to determine if this language requires a feedback mechanism or iterative processing step that is absent from a routine, nightly backup process.

'9,734,169 Infringement Allegations

| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
| --- | --- | --- | --- |
| providing in said distributed cloud-based computing system: (i) a plurality of select content data stores... (ii) a plurality of granular data stores; and (iii) a cloud-based server | The accused systems are allegedly cloud-based and provide a "data vault" (select content data stores), use production and backup systems as "granular data stores," and are managed by servers (Compl. ¶¶133, 137-140). | ¶¶133, 138, 140 | col. 4:5-15 |
| providing a communications network operatively coupling said plurality of select content data stores and cloud-based server | The accused systems comprise a distributed, cloud-based architecture with an operatively coupled communications network between the production environment and the data vault (Compl. ¶¶142-143). The complaint includes a diagram illustrating the network architecture required by the Sheltered Harbor standard (Compl. ¶142, p. 69). | ¶¶142-143 | col. 4:16-18 |
| extracting and storing said security designated data in respective select content data stores | The systems extract critical financial information (security designated data) based on protection policies and store it in the secure data vault (select content data stores) (Compl. ¶¶144-145). | ¶145 | col. 4:21-23 |
| parsing remainder data not extracted from data processed by said cloud-based system and storing the parsed data in respective granular data stores | Remainder data not extracted for the vault is stored in the production and backup systems (granular data stores) (Compl. ¶¶152-153). The complaint includes a diagram highlighting the "Backup Workloads" in the production "Data Center" as distinct from the "Cyber Recovery Vault" (Compl. ¶153, p. 75). | ¶¶152-153 | col. 4:32-35 |
| withdrawing some or all of said security designated data and said parsed data from said respective data stores only in the presence of said respective access controls applied thereto | The data vault is protected by strict access controls, including multi-factor authentication, and data can only be withdrawn for restoration upon satisfaction of these security measures (Compl. ¶¶158-160). | ¶¶158-160 | col. 4:39-43 |
  • Identified Points of Contention:
    • Scope Questions: The infringement theory raises the question of whether standard production and backup systems, which house data that is simply not selected for vaulting, can be considered the "granular data stores" for "remainder data" as claimed. The defense may argue the patent requires a more deliberate system for handling remainder data, not just the systems where it incidentally resides.
    • Technical Questions: What evidence does the complaint provide that the accused systems perform an affirmative act of "parsing" the remainder data, as required by the claim, rather than simply leaving it untouched in the production environment? The infringement theory appears to equate "not extracting" with "parsing and storing."

V. Key Claim Terms for Construction

  • The Term: "designated categorical filters" (’301 Patent)

  • Context and Importance: This term is the core mechanism of the invention. The infringement case hinges on equating the accused "protection policies" of the Sheltered Harbor standard with this term. Practitioners may focus on this term because its construction will determine whether a general data backup rule falls within the scope of the more specific filtering technology described in the patent.

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: The patent summary describes the system as having filters to "organize select content which is important to an enterprise" (’301 Patent, col. 3:25-27), which could be argued to encompass any policy that selects important data for a specific purpose like disaster recovery.
    • Evidence for a Narrower Interpretation: The specification repeatedly provides specific examples, stating the filters include "content-based filters, contextual filters and taxonomic classification filters" (’301 Patent, col. 3:41-43). This language may support an interpretation that the term is limited to these enumerated, more sophisticated filter types.
  • The Term: "parsing remainder data" (’169 Patent)

  • Context and Importance: This step defines what happens to the data not selected for secure storage. The complaint alleges this is met by leaving the data in existing production systems (Compl. ¶152). Whether this standard operation constitutes "parsing" will be a key dispute.

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: The patent does not appear to provide an explicit definition of "parsing" in this context. A party might argue that by segmenting the data stream into "extracted" and "not extracted," the system inherently "parses" the remainder by defining it as a separate logical set.
    • Evidence for a Narrower Interpretation: In computer science, "parsing" typically implies analyzing a string or block of data to determine its grammatical structure or to break it into constituent parts. The specification describes separating a "source plaintext document" (100) into "common text & placeholders" (104) and "extracted text" (106) (’169 Patent, Fig. 4). This may suggest an affirmative data manipulation step is required, rather than simply leaving data in place.

VI. Other Allegations

  • Indirect Infringement: The complaint does not plead separate counts for indirect infringement and focuses its allegations on Defendant's direct infringement through its own use of the Accused Instrumentalities (Compl. ¶¶99, 130, 166, 193).
  • Willful Infringement: The complaint alleges that Defendant's infringement was and continues to be willful (Compl. ¶¶126, 162, 189, 225). The basis for this allegation is twofold: first, alleged knowledge of the patents as of the service of the complaint, and second, an alternative allegation of actual notice since at least September 30, 2014, based on arguments made during the prosecution of Defendant's own, unrelated patent applications (Compl. ¶228). The complaint further alleges that Defendant is willfully blind by maintaining a policy of not reviewing the patents of others (Compl. ¶229).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of definitional scope: can the term "categorical filters," which the patent specification ties to specific content, contextual, and taxonomic analysis, be construed broadly enough to read on the "protection policies" used in the financial industry's Sheltered Harbor standard for identifying and vaulting "critical account data"?
  • A second key question will be one of technical operation: does the accused act of creating an isolated backup of critical data in a secure vault, while leaving all other data in existing production systems, satisfy the specific, affirmative claim steps of "parsing remainder data" and storing it in distinct "granular data stores"?
  • An important evidentiary question will be one of proof of implementation: the complaint bases its infringement theory on the public specifications of the Sheltered Harbor standard and exemplary third-party systems. The case may turn on what discovery reveals about how Metropolitan Commercial Bank actually implemented its data vaulting systems and whether that specific implementation meets every limitation of the asserted claims.