DCT

2:23-cv-00543

DigitalDoors Inc v. Bank Ozk

Log In
Key Events
Complaint
complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 2:23-cv-00543, E.D. Tex., 11/21/2023
  • Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas because Defendant maintains physical branch locations, employs personnel, and targets customers within the district.
  • Core Dispute: Plaintiff alleges that Defendant’s data backup and disaster recovery systems, which are asserted to be compliant with the financial industry's "Sheltered Harbor" standard, infringe four patents related to methods for securely identifying, separating, storing, and managing sensitive data in distributed computing systems.
  • Technical Context: The technology concerns granular data management for security and survivability, a critical function for financial institutions facing sophisticated cyber threats and needing to ensure operational continuity.
  • Key Procedural History: The complaint alleges that the financial services industry collectively began developing the accused "Sheltered Harbor" standard in 2015, years after the patents' priority date, which Plaintiff presents as evidence of the inventions' non-obviousness. No prior litigation or post-grant proceedings are mentioned.

Case Timeline

Date Event
2007-01-05 Earliest Priority Date for all Patents-in-Suit
2015-04-21 U.S. Patent No. 9,015,301 Issued
2015-01-01 Sheltered Harbor industry initiative launched (approx.)
2017-08-15 U.S. Patent No. 9,734,169 Issued
2019-01-15 U.S. Patent No. 10,182,073 Issued
2019-04-02 U.S. Patent No. 10,250,639 Issued
2023-11-21 Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 9,015,301 - "Information Infrastructure Management Tools With Extractor, Secure Storage, Content Analysis And Classification And Method Therefor"

  • Patent Identification: U.S. Patent No. 9,015,301, "Information Infrastructure Management Tools With Extractor, Secure Storage, Content Analysis And Classification And Method Therefor," issued April 21, 2015.

The Invention Explained

  • Problem Addressed: The patent's background section describes deficiencies in prior art data management, including the difficulty of managing unstructured content, the inefficiency of classifying sensitive data, and the inability to manage the changing sensitivity of information over its lifecycle (’301 Patent, col. 1:31-38, 2:28-61).
  • The Patented Solution: The invention provides a method for organizing and processing data in a distributed system by using "categorical filters" to identify and obtain "select content" (data deemed important to the enterprise) and "associated select content" (data contextually or taxonomically related to the select content). This aggregated select content is then stored in corresponding data stores, allowing for granular control over sensitive information (’301 Patent, Abstract, col. 3:17-4:35).
  • Technical Importance: This approach shifted data management from a file-level to a content-level paradigm, proposing a more nuanced and secure way to handle sensitive information within large, distributed networks (Compl. ¶27).

Key Claims at a Glance

  • The complaint asserts independent method Claim 25 (Compl. ¶98).
  • The essential elements of Claim 25 include:
    • Providing a plurality of select content data stores operative with a plurality of designated categorical filters.
    • Activating at least one filter and processing a data input through it to obtain select content and associated select content.
    • Storing the aggregated select content in a corresponding data store.
    • Associating a data process (e.g., copy, extract, archive) with the activated filter.
    • Applying the associated data process to a further data input.
    • Activating the filter via automatic (e.g., time-based, event-based) or manual activation.
  • The complaint does not explicitly reserve the right to assert dependent claims for this patent.

U.S. Patent No. 9,734,169 - "Digital Information Infrastructure and Method for Securing Designated Data and With Granular Data Stores"

  • Patent Identification: U.S. Patent No. 9,734,169, "Digital Information Infrastructure and Method for Securing Designated Data and With Granular Data Stores," issued August 15, 2017.

The Invention Explained

  • Problem Addressed: The patent identifies the security vulnerabilities of "open ecosystem" information structures where many different parties (employees, partners, customers) can access and produce information, creating numerous points of potential compromise (’169 Patent, col. 1:60-2:27).
  • The Patented Solution: The invention proposes a method for processing data in a distributed, cloud-based system by separating data into two categories. "Security designated data" (select content) is extracted and stored in secure "select content data stores" with specific access controls. The "remainder data" is parsed and stored separately in "granular data stores." This architectural separation is designed to isolate and protect the most critical information (’169 Patent, Abstract, col. 3:28-4:25).
  • Technical Importance: The invention provides a system architecture for cloud-based environments that enhances security by logically and physically separating critical data from non-critical data, thereby reducing the attack surface.

Key Claims at a Glance

  • The complaint asserts independent method Claim 1 (Compl. ¶129).
  • The essential elements of Claim 1 include:
    • Providing select content data stores, granular data stores, and a cloud-based server.
    • Providing a communications network coupling these components.
    • Extracting and storing security designated data in the select content data stores.
    • Activating at least one select content data store to permit access based on access controls.
    • Parsing remainder data not extracted from the processed data.
    • Storing the parsed remainder data in the granular data stores.
    • Withdrawing data from the stores only when the respective access controls are applied.
  • The complaint does not explicitly reserve the right to assert dependent claims for this patent.

U.S. Patent No. 10,182,073 - "Information Infrastructure Management Tools With Variable and Configurable Filters and Segmental Data Stores"

  • Patent Identification: U.S. Patent No. 10,182,073, "Information Infrastructure Management Tools With Variable and Configurable Filters and Segmental Data Stores," issued January 15, 2019.
  • Technology Synopsis: This patent describes an information infrastructure where data is processed using a plurality of filters. The invention centers on the ability to dynamically "alter" these initially configured filters by expanding or contracting the definitions of sensitive and select content, or by imposing hierarchical classifications, thereby allowing an enterprise to modify its data protection scheme over time (’073 Patent, Abstract, col. 132:12-20).
  • Asserted Claims: Independent method Claim 1 (Compl. ¶165).
  • Accused Features: The complaint alleges infringement by systems that use and allow modification of "protection policies" to define, run, and monitor data replication and storage operations, effectively altering the filters that govern data security (Compl. ¶181-182, ¶185).

U.S. Patent No. 10,250,639 - "Information Infrastructure Management Data Processing Tools for Data Flow With Distribution Controls"

  • Patent Identification: U.S. Patent No. 10,250,639, "Information Infrastructure Management Data Processing Tools for Data Flow With Distribution Controls," issued April 2, 2019.
  • Technology Synopsis: This patent details a method of "sanitizing" data by extracting sensitive content based on its sensitivity level and corresponding security clearance. The system stores the extracted sensitive data in secure "extract stores" and the remainder data separately. The invention further describes using content, contextual, and taxonomic filters to "inference" the sanitized data to derive meaning or relationships from it (’639 Patent, Abstract, col. 132:13-37).
  • Asserted Claims: Independent method Claim 16 (Compl. ¶192).
  • Accused Features: The accused functionality involves extracting critical financial data (sensitive content) based on pre-defined policies (filters), storing it in a secure vault (extract store), and thereby creating sanitized versions of the original data sets (Compl. ¶214-215).

III. The Accused Instrumentality

Product Identification

  • The "Accused Instrumentalities" are identified as the data processing systems and methods that Defendant Bank OZK owns, operates, or controls for data backup and disaster recovery, which are alleged to be compliant with the "Sheltered Harbor" specification or its functional equivalent (Compl. ¶95).

Functionality and Market Context

  • The complaint alleges that the Accused Instrumentalities operate by extracting critical customer financial account data, converting it into a standardized format, and storing it in a secure, isolated, and immutable "data vault" (Compl. ¶69, ¶72). This vault is described as being "air-gapped" or separated from the primary production and backup systems to protect it from cyberattacks (Compl. ¶76). The complaint provides a diagram from a Dell technical document illustrating a two-part architecture with a "Production Environment" and a separate, secure "Data Vault Environment" connected by a replication link across an "Air-gap" (Compl. p. 33). The stated purpose of this functionality is to ensure that a financial institution can recover critical customer data and maintain operations following a catastrophic system failure (Compl. ¶62, ¶65).

IV. Analysis of Infringement Allegations

U.S. Patent No. 9,015,301 Infringement Allegations

Claim Element (from Independent Claim 25) Alleged Infringing Functionality Complaint Citation Patent Citation
a method of organizing and processing data in a distributed computing system having select content important to an enterprise... Defendant's systems manage and protect critical customer financial account data in a distributed network of servers and hardware. ¶99, ¶101 col. 13:25-30
providing, in said distributed computing system, a plurality of select content data stores operative with a plurality of designated categorical filters... The Accused Instrumentalities provide a "data vault" with multiple data stores (e.g., for backup, copy, analysis) which house content derived from "protection policies" that act as categorical filters. ¶104-106 col. 13:30-40
activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content and associated select content... The systems activate protection policies to extract critical financial account data (select content) and associated metadata like binaries and backup catalogs (associated select content). ¶108-110 col. 13:41-48
storing said aggregated select content for said at least one categorical filter in said corresponding select content data store... The extracted critical account data and associated data are aggregated and stored in corresponding storage units or "data trees" within the secure data vault. ¶112-113 col. 4:1-5
for said activated categorical filter, associating at least one data process from the group of data processes including a copy process, a data extract process, a data archive process... The systems associate data processes such as backup (copy/archive) and vaulting (extract) with the selected content as defined by the protection policies. ¶115-116 col. 4:5-12
applying the associated data process to a further data input based upon a result of said further data being processed by said activated categorical filter... Once a protection policy is established, all subsequent data inputs are processed in the same way, creating a new storage unit to which all subsequent backups for that policy are sent. ¶118-119 col. 4:12-17
said activating said designated categorical filter encompasses an automatic activation...said automatic activation is time-based, distributed computer system condition-based, or event-based. Processing occurs automatically at a designated time interval (nightly), upon a designated condition (detection of new assets), or can be run manually on demand. ¶121-122 col. 15:1-11
  • Identified Points of Contention:
    • Scope Questions: A central question may be whether the "protection policies" and "tags" described in relation to the Sheltered Harbor standard (Compl. ¶87-88) meet the definition of "designated categorical filters" as claimed in the patent. The defense may argue that the accused systems use standard backup policies, while the patent describes a more complex system of content, contextual, and taxonomic filtering.
    • Technical Questions: The claim requires obtaining both "select content" and "associated select content." A factual question will be whether the accused systems' extraction of "critical account data" and other data like "application binaries, boot images, and backup catalog" (Compl. ¶102) corresponds to this two-part claimed structure.

U.S. Patent No. 9,734,169 Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
a method of organizing and processing data...in a distributed cloud-based computing system... The Accused Instrumentalities are described as cloud-based systems for processing and vaulting data in compliance with Sheltered Harbor. ¶130, ¶132 col. 3:28-32
providing in said distributed cloud-based computing system: (i) a plurality of select content data stores...; and (ii) a plurality of granular data stores; and (iii) a cloud-based server, each select content data store having respective access controls thereat. The system provides a secure "data vault" (select content stores) and separate "production and backup systems" (granular data stores), which are optionally implemented on cloud platforms and utilize access controls like multi-factor authentication. ¶136-139 col. 3:32-40
providing a communications network operatively coupling said plurality of select content data stores and cloud-based server. The complaint alleges the systems comprise an operatively coupled network connecting the production environment and the vaulting environment, referencing a diagram showing a "logical, air-gapped, dedicated connection." ¶141, ¶93 (diagram) col. 3:41-43
extracting and storing said security designated data in respective select content data stores. The systems extract critical financial account information and store it in the secure data vault. ¶143, ¶146 col. 4:18-20
activating at least one of said select content data stores...thereby permitting access...based upon an application of one or more of said access controls thereat. Access to the data vault is safeguarded by security measures, including strict credentialed access and multi-factor authentication. ¶148-149 col. 4:21-25
parsing remainder data not extracted from data processed by said cloud-based system and storing the parsed data in respective granular data stores. Data not extracted for the vault (remainder data) is stored in the production and backup systems, which are depicted as separate from the vault. A diagram from Dell shows "Backup Workloads" in the production "Data Center." ¶151-152, ¶72 (diagram) col. 4:13-17
withdrawing some or all of said security designated data and said parsed data from said respective data stores only in the presence of said respective access controls applied thereto. Data can be withdrawn from the vault to a "restoration platform" only upon satisfaction of strict security measures and access controls. ¶157-158 col. 4:26-30
  • Identified Points of Contention:
    • Scope Questions: The dispute may turn on whether the accused "production and backup systems" (Compl. ¶152) qualify as "granular data stores" under the patent's definition, and whether the "data vault" meets the limitations of "select content data stores."
    • Technical Questions: The claim requires parsing and storing "remainder data." The evidence will need to show that the accused systems perform an affirmative step of parsing and storing this data separately, rather than simply leaving it in place in the production environment. The complaint alleges the production-side backups constitute this step (Compl. ¶152).

V. Key Claim Terms for Construction

Term from the ’301 Patent

  • The Term: "designated categorical filters" (Claim 25)
  • Context and Importance: This term is foundational to the claimed method. The infringement case hinges on whether the "protection policies" used in Sheltered Harbor-compliant systems, which identify critical data for backup, fall within the scope of this term.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The specification states that designated categorical filters are used to "store select content relative to the category in certain SC stores" and can be based on a wide range of enterprise policies, including "customer privacy policy, supplier privacy policy, enterprise human resources privacy policy, financial data handling policy," among others (’301 Patent, col. 11:58-67). This suggests the term could be construed broadly to cover any policy-based data selection rule.
    • Evidence for a Narrower Interpretation: The specification describes these filters in conjunction with specific, complex modules, including "content-based filters, contextual filters and taxonomic classification filters" and a "knowledge expander (KE) search engine" (’301 Patent, col. 13:33-36, 10:22-32). A defendant may argue that a "categorical filter" requires this specific type of taxonomic or contextual analysis, not just a simple rule for backing up certain data types.

Term from the ’169 Patent

  • The Term: "granular data stores" (Claim 1)
  • Context and Importance: The claim requires separating "remainder data" into these stores, distinct from where the "security designated data" is kept. The construction of this term will determine whether the standard production and backup systems in the accused architecture satisfy this limitation.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The patent describes "distributed storage stores" as holding "only parts of the data" and being of "lower interest to an attacker," suggesting that any storage for non-critical, partial data could qualify (’169 Patent, col. 17:27-30).
    • Evidence for a Narrower Interpretation: The patent repeatedly discusses a process of breaking data into "smaller and more granular pieces" to reduce security risk (’169 Patent, col. 15:53-56). A defendant may argue that "granular data stores" are not just any storage for leftover data, but are specifically stores for data that has been intentionally broken down into smaller pieces as part of the patented security method.

VI. Other Allegations

  • Willful Infringement: The complaint alleges that Defendant's infringement is willful and deliberate for any infringing activity that has continued after Defendant received notice of the patents-in-suit via service of the complaint (Compl. ¶125, ¶161, ¶188, ¶223). The complaint further alleges willful blindness, stating on information and belief that Defendant has a policy or practice of not reviewing the patents of others to assess for infringement (Compl. ¶227).

VII. Analyst’s Conclusion: Key Questions for the Case

  1. A central issue will be one of definitional scope: can the patent term "designated categorical filters," which is described in the context of complex content and taxonomic analysis, be construed to cover the "protection policies" used in the industry-standard Sheltered Harbor architecture, which are designed to identify and back up critical financial data sets?
  2. The case will also present a key evidentiary question of implementation: the complaint builds its infringement theory on public descriptions of the Sheltered Harbor standard and exemplary compliant products. The outcome will depend on whether discovery confirms that Bank OZK's specific, in-practice data vaulting architecture actually performs the steps as claimed, particularly with respect to the claimed separation and handling of "select content" versus "remainder data" in distinct types of data stores.
  3. A significant validity question will be one of obviousness and secondary considerations: the complaint proactively frames the industry's development of the Sheltered Harbor standard in 2015 as evidence that the patents' earlier invention was non-obvious. The court will likely have to weigh whether this timeline reflects a genuine inventive step by the patentee or, as a defendant might argue, simply reflects the financial industry responding to a market need (heightened cyber-threats) that became acute long after the patent was filed.