DCT

2:22-cv-00457

DigitalDoors Inc v. IBM Corp

Log In

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 2:22-cv-00457, E.D. Tex., 02/24/2023
  • Venue Allegations: Venue is alleged to be proper in the Eastern District of Texas because IBM commits acts of infringement in the district and maintains regular and established places of business, including data centers, in Plano and Carrollton, Texas.
  • Core Dispute: Plaintiff alleges that Defendant’s IBM Cloud Object Storage products and services infringe seven patents related to methods for securing data through granular extraction, dispersal into separate storage locations, and access-controlled reconstruction.
  • Technical Context: The technology concerns distributed data security, where sensitive portions of a data file are separated and stored apart from the non-sensitive remainder, enhancing security and enabling granular access control, a foundational concept in modern cloud storage.
  • Key Procedural History: The complaint alleges that IBM acquired Cleversafe, Inc. in November 2015, whose technology forms the basis of the accused IBM Cloud Object Storage products. It is further alleged that DigitalDoors' patents were cited over 4,800 times in IBM's and Cleversafe's own patent prosecution. The complaint also alleges a 2010 meeting between DigitalDoors's president and IBM representatives, where IBM was allegedly notified of DigitalDoors's patent portfolio.

Case Timeline

Date Event
2000-11-13 Earliest Priority Date for all Patents-in-Suit
2004-01-01 Cleversafe, Inc. Launch Date
2007-12-25 U.S. Patent 7,313,825 Issue Date
2008-01-22 U.S. Patent 7,322,047 Issue Date
2008-03-25 U.S. Patent 7,349,987 Issue Date
2009-06-23 U.S. Patent 7,552,482 Issue Date
2010-01-01 DigitalDoors and IBM representatives meet
2010-05-18 U.S. Patent 7,721,344 Issue Date
2011-06-07 U.S. Patent 7,958,268 Issue Date
2013-06-18 U.S. Patent 8,468,244 Issue Date
2015-11-01 IBM acquires Cleversafe, Inc.
2023-02-24 Complaint Filing Date

II. Technology and Patent(s)-in-Suit Analysis

No probative visual evidence provided in complaint.

U.S. Patent 7,313,825, “Data security system and method for portable device,” issued December 25, 2007

The Invention Explained

  • Problem Addressed: The complaint describes the problem of traditional "all-or-nothing" data access and the vulnerability of storing complete data files in single locations (Compl. ¶25). The patent specification focuses on the need to secure data on portable devices that may move between secure and insecure physical locations ('825 Patent, Abstract).
  • The Patented Solution: The invention determines the physical location of a portable computing device (e.g., via GPS) and, based on whether the device is within a "predetermined region," extracts security-sensitive data from a file ('825 Patent, Abstract). The extracted data is stored separately from the remainder data, and reconstruction is permitted only when the user has the proper security clearance and the device is within the approved geographic territory ('825 Patent, col. 20:38-51).
  • Technical Importance: This approach provided a method for location-aware, granular data security, which was relevant for government and military applications requiring data access to be tied to a device's physical presence in a secure area (Compl. ¶8).

Key Claims at a Glance

  • The complaint asserts independent claim 81 (Compl. ¶36).
  • Claim 81 requires, in essential part:
    • A method of securing data on a computer system having at least one portable computing device.
    • Determining when the portable computing device is within a predetermined region based upon its current location data.
    • Permitting full or partial reconstruction of the data only in the presence of a predetermined security clearance and only when the portable device is not beyond the predetermined region.
  • The complaint reserves the right to assert additional claims (Compl. ¶17).

U.S. Patent 7,322,047, “Data security system and method associated with data mining,” issued January 22, 2008

The Invention Explained

  • Problem Addressed: The complaint alleges that traditional data security was a binary "all-or-nothing" approach, preventing users with different credentials from accessing different parts of the same data set, and that storing entire files in one place made them vulnerable to hacking (Compl. ¶25).
  • The Patented Solution: The patented method secures data by "extracting" security-sensitive content to create "extracted data" and "remainder data" ('047 Patent, Abstract). These two sets of data are stored in separate "extract stores" and "remainder stores," respectively, which correspond to different security levels ('047 Patent, col. 2:21-31). Data can be fully or partially reconstructed only when a user provides a "predetermined security clearance" corresponding to the security level of the data they wish to access ('047 Patent, Abstract).
  • Technical Importance: The invention provided a method for granular, multi-level security that improved computer functionality by moving beyond binary access controls and enabling secure, distributed data storage architectures (Compl. ¶¶25-26).

Key Claims at a Glance

  • The complaint asserts independent claims 1, 15, 33, and 47 (Compl. ¶29).
  • Claim 1, a method claim, requires, in essential part:
    • Extracting security sensitive content from data to obtain subsets of extracted data and remainder data.
    • Storing the extracted data and remainder data in respective extract stores and a remainder store.
    • Permitting reconstruction of some or all of the data only in the presence of a predetermined security clearance for the respective security level.
  • The complaint explicitly asserts multiple dependent claims (Compl. ¶29).

Multi-Patent Capsule: U.S. Patent 7,349,987, “Data security system and method with parsing and dispersion techniques,” issued March 25, 2008

  • Technology Synopsis: The patent describes a method for securing data by extracting or parsing sensitive information and storing it in "physically distinguishable" or "physically distinct" memories, separate from the remainder data. Reconstruction of the data requires a predetermined security clearance corresponding to the data's security level ('987 Patent, Abstract).
  • Asserted Claims: Independent claims 1, 10, 16, and 22 are asserted, among others (Compl. ¶29).
  • Accused Features: The complaint alleges that IBM COS infringes by using an Information Dispersal Algorithm (IDA) to parse data into "slices" that are then stored on physically distinguishable "Slicestor nodes," with access and reconstruction controlled by security clearances like ACLs and IAM policies (Compl. ¶¶198, 206-208).

Multi-Patent Capsule: U.S. Patent 7,552,482, “Data security system and method,” issued June 23, 2009

  • Technology Synopsis: The patent describes securing data that originates on a personal computer within a distributed computer system. The method involves accepting data input from the personal computer, extracting the security-sensitive content, and storing that extracted content in separate "extract data stores" across the network.
  • Asserted Claims: Independent claims 1 and 26 are asserted, among others (Compl. ¶29).
  • Accused Features: The complaint alleges IBM COS accepts data from users' personal computers, splits the data into slices containing sensitive and non-sensitive content, stores these slices on distributed Slicestor nodes, and permits reconstruction on a personal computer after verifying security clearances (Compl. ¶¶339, 341-344).

Multi-Patent Capsule: U.S. Patent 7,721,344, “Data security system and method,” issued May 18, 2010

  • Technology Synopsis: The patent relates to securing data in a client-server computer system. It describes extracting security-sensitive content from data input at a client computer and storing it in extract data stores, while the remainder data is stored on the client or server computer. Reconstruction is permitted after accessing the separate stores with the required security clearance.
  • Asserted Claims: Independent claims 1, 39, 52, 79, and 106 are asserted, among others (Compl. ¶29).
  • Accused Features: The complaint alleges IBM COS operates as a client-server system where client applications provide data to Accesser nodes (servers) which extract sensitive content into slices and store them on Slicestor nodes (extract stores), with reconstruction controlled by security clearances (Compl. ¶¶411, 413-417).

Multi-Patent Capsule: U.S. Patent 7,958,268, “Data security system and method adjunct to a browser, telecom or encryption program,” issued June 7, 2011

  • Technology Synopsis: The patent describes securing data that passes through a browser in a distributed system. The method involves extracting security-sensitive content from the browser input, storing it in "extract stores," and forwarding the remainder data to its target destination, with access to the extract stores requiring a security clearance.
  • Asserted Claims: Independent claims 31, 36, and 41 are asserted (Compl. ¶29).
  • Accused Features: The complaint alleges IBM COS secures user data input via a browser, splits the data, stores the resulting slices on distributed nodes (extract stores), and forwards any remainder data, with access to the stored slices controlled by security clearances (Compl. ¶¶619, 627-630).

Multi-Patent Capsule: U.S. Patent 8,468,244, “Digital information infrastructure and method for security designated data and with granular data stores,” issued June 18, 2013

  • Technology Synopsis: The patent describes a distributed computer system for organizing and processing data. The system has "select content data stores" and "granular data stores" in a server cloud. An "extractor" stores security-designated data in the select content stores, while a processor activates access controls to permit reconstruction of the security-designated data with the remainder data.
  • Asserted Claims: Independent claim 1 is asserted (Compl. ¶29).
  • Accused Features: The complaint alleges the IBM COS system is a distributed computer system that stores and processes data. Its storage nodes are alleged to be the claimed "select content data stores" and "granular data stores," and its nodes are alleged to perform the claimed extracting, storing, and processing functions under the control of access controls like ACLs and IAM (Compl. ¶¶675-682).

III. The Accused Instrumentality

  • Product Identification: The accused instrumentality is IBM Cloud Object Storage (COS), offered both as a cloud-based service ("COS as a Service") and as an on-premises deployment using IBM hardware or third-party servers (Compl. ¶¶27, 54, 128).
  • Functionality and Market Context: The complaint alleges that IBM COS is a storage product for unstructured data designed for high durability and security (Compl. ¶28). Its accused functionality involves using "Accesser nodes" to apply an Information Dispersal Algorithm (IDA), which splits customer data into subsets called "slices" (Compl. ¶¶47, 68). These slices are then stored across a distributed network of "Slicestor nodes" (Compl. ¶¶48, 69). Access to the data for reconstruction is allegedly controlled by a multi-layered security framework including Access Control Lists (ACLs), Identity and Access Management (IAM) policies, and context-based restrictions such as IP address ranges (Compl. ¶¶43-45). The complaint alleges that the accused technology is foundational to IBM's cloud storage offerings and is based on technology IBM acquired from Cleversafe, Inc. for $1.3 billion in 2015 (Compl. ¶14).

IV. Analysis of Infringement Allegations

7,313,825 Patent Infringement Allegations

Claim Element (from Independent Claim 81) Alleged Infringing Functionality Complaint Citation Patent Citation
determining when said portable computing device is within a predetermined region based upon said current location data; IBM COS uses a portable device's current location, such as its network location from an IP address, to determine if the device is within a predetermined, allowed network context (e.g., an approved IP range or VPC). ¶51 col. 20:32-34
permitting full or partial reconstruction of said data ... only in the presence of a predetermined security clearance access control ... and only when said portable computing device is not beyond said predetermined region. IBM COS permits reconstruction of data objects by combining slices only when a user provides the appropriate security clearance (e.g., ACLs, IAM) and the access request originates from within the allowed network context or region. ¶52 col. 20:38-41

7,322,047 Patent Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
extracting said security sensitive content from said data to obtain (a) subsets of extracted data and (b) remainder data; IBM COS Accesser nodes utilize an Information Dispersal Algorithm (IDA) to split original data into subsets called "slices." When the original data contains sensitive content, that content is found in some slices but not others, thereby creating extracted data (slices with sensitive content) and remainder data (slices without). ¶68 col. 2:21-25
storing said extracted data and said remainder data in respective extract stores ... and said remainder store, respectively; IBM COS stores the data slices on various Slicestor nodes. The nodes storing slices with security-sensitive content allegedly function as "extract stores," while other nodes function as "remainder stores." ¶69 col. 2:26-31
permitting reconstruction of some or all of said data ... only in the presence of predetermined security clearance for said respective security level... IBM COS permits reconstruction of a full or partial data object by combining slices from the various Slicestor nodes, but only allows retrieval from the nodes containing sensitive content when the user provides the appropriate security clearance (e.g., via ACLs or IAM policies). ¶70 col. 2:32-41
  • Identified Points of Contention:
    • Scope Questions: The infringement theory for the ’825 Patent raises the question of whether the patent's concept of a "portable computing device" within a "predetermined region," described in embodiments using GPS and physical geography ('825 Patent, Fig. 15), can be construed to cover a device's logical network location, such as an IP address or VPC, as alleged by the complaint (Compl. ¶¶50-51).
    • Technical Questions: The infringement theory for the ’047 Patent and related patents raises a central question of technical operation: does IBM's use of an Information Dispersal Algorithm (IDA), which mathematically divides a data stream into slices (Compl. ¶68), perform the claimed step of "extracting said security sensitive content"? A court may need to determine whether this content-agnostic "slicing" is equivalent to the patent's "extracting," which is also described in the specification as a content-aware filtering process (e.g., using a dictionary) ('047 Patent, col. 19:40-67).

V. Key Claim Terms for Construction

  • The Term: "portable computing device locatable with current location data" (’825 Patent, Claim 81)

    • Context and Importance: The plaintiff’s infringement theory depends on this term covering devices identified by their network location (Compl. ¶¶50-51). The defendant may argue the patent limits this term to devices with physical location capabilities like GPS.
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: The claim language itself does not specify the type of location data. The patent abstract also mentions operation via a "wireless network," which is not strictly limited to GPS.
      • Evidence for a Narrower Interpretation: The specification's primary embodiment for this concept, Figure 15, is a flowchart titled "PORTABLE SECURITY PGM" that begins with "ACTIVATE GPS OR TRIANGULATE OBTAIN CURRENT LOCATION DATA" ('825 Patent, Fig. 15). Figure 14 explicitly depicts a "GPS RCR" (receiver) within the portable device ('825 Patent, Fig. 14).

  • The Term: "extracting said security sensitive content" (’047 Patent, Claim 1)

    • Context and Importance: The complaint alleges that IBM’s use of an Information Dispersal Algorithm (IDA) to slice data meets this limitation (Compl. ¶68). Practitioners may focus on whether "extracting" requires content-aware identification of sensitive data, versus a content-agnostic mathematical dispersal.
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: The patent abstract states the method includes "extracting the security data from the file," which could be read broadly to include any method of separation. The specification discusses using a "filter" to separate data, and an IDA could be characterized as an algorithmic filter ('047 Patent, Abstract; col. 3:9-14).
      • Evidence for a Narrower Interpretation: The specification also provides examples of extraction that are explicitly content-aware, such as using a dictionary to separate "common words" from "uncommon words (extracted-security sensitive words)" ('047 Patent, col. 19:55-65). This might support an argument that "extracting" implies an intelligent identification of content, not just mathematical slicing.

VI. Other Allegations

  • Indirect Infringement: The complaint alleges that IBM induces infringement by providing customers with user guides, product documentation, and other support materials that instruct and encourage them to use the IBM COS products in an infringing manner (Compl. ¶¶30, 54, 72).
  • Willful Infringement: Willfulness is alleged based on both pre-suit and post-suit knowledge. Pre-suit knowledge is alleged based on a 2010 meeting where DigitalDoors's inventor and president notified IBM of its "large portfolio of patents," as well as IBM's and Cleversafe's own citation of DigitalDoors's patents over 4,800 times during their own patent prosecution activities (Compl. ¶¶33-34).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of technical equivalence: Does IBM's content-agnostic Information Dispersal Algorithm, which mathematically divides a data stream into slices, perform the same function in substantially the same way to achieve the same result as the claimed step of "extracting security sensitive content," which the patents also describe as a content-aware filtering process?
  • A central dispute may turn on definitional scope: Can claim terms like "portable computing device" and "location data," which are exemplified in the '825 patent using GPS and physical geography, be construed broadly enough to read on the accused system's use of logical network addresses and contexts to control data access?
  • A key evidentiary question will be one of pre-suit knowledge: What level of knowledge can be established from the alleged 2010 meeting between the parties and the extensive citation history of the patents-in-suit by IBM and Cleversafe, and will that evidence be sufficient to support the claim of willful infringement?