DCT

2:23-cv-00544

DigitalDoors Inc v. Beal Bank

Log In

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 2:23-cv-00544, E.D. Tex., 11/21/2023
  • Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas because Defendant maintains physical branches, employs residents, and generates substantial revenue from customers within the district.
  • Core Dispute: Plaintiff alleges that Defendant’s data backup and disaster recovery systems, which are compliant with or functionally equivalent to the financial industry's "Sheltered Harbor" standard, infringe four patents related to secure, granular data filtering, storage, and retrieval.
  • Technical Context: The technology concerns advanced methods for isolating and protecting critical data in distributed computing environments to ensure operational continuity after a catastrophic event, such as a major cyberattack.
  • Key Procedural History: The complaint notes that the patents-in-suit have been cited as relevant prior art in hundreds of patent applications by major technology and financial services companies, positioning them as pioneering in the field of data security and survivability.

Case Timeline

Date Event
2007-01-05 Earliest Priority Date for all Patents-in-Suit
2015-04-21 U.S. Patent No. 9,015,301 Issued
2015-01-01 Sheltered Harbor initiative launched
2017-08-15 U.S. Patent No. 9,734,169 Issued
2019-01-15 U.S. Patent No. 10,182,073 Issued
2019-04-02 U.S. Patent No. 10,250,639 Issued
2023-11-21 Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 9,015,301 - Information Infrastructure Management Tools with Extractor, Secure Storage, Content Analysis and Classification and Method Therefor (Issued: April 21, 2015)

The Invention Explained

  • Problem Addressed: At the time of invention, enterprise data systems struggled to manage and secure sensitive information effectively, particularly in "open ecosystems" with many access points (Compl. ¶27; ’301 Patent, col. 1:60-2:27). Conventional methods focused on managing entire data files rather than the sensitive content within them, lacked sophisticated semantic or taxonomic analysis for classification, and could not adequately manage the changing sensitivity of information over its lifecycle (Compl. ¶27; ’301 Patent, col. 1:31-55, 2:28-61).
  • The Patented Solution: The invention provides a method of organizing and processing data by using a plurality of "categorical filters" to identify and extract "select content" (important data) from a larger data stream (Compl. ¶29; ’301 Patent, col. 3:20-27). This extracted content is then stored in dedicated, secure data stores. The system associates specific data processes (e.g., copy, archive, destruction) with the filtered content, allowing for granular, policy-based control over sensitive information (Compl. ¶29; ’301 Patent, col. 3:56-4:12). This shifts the security focus from the file container to the data itself (Compl. ¶28; ’301 Patent, col. 9:46-58).
  • Technical Importance: This approach provided a more flexible and secure method for data management by separating sensitive information from non-sensitive "remainder" data and managing it based on its intrinsic content and context, rather than just its file-level classification (Compl. ¶37; ’301 Patent, Abstract).

Key Claims at a Glance

  • The complaint asserts independent method claim 25 (Compl. ¶98).
  • Claim 25 of the ’301 Patent recites the essential elements of:
    • Providing a plurality of select content data stores operative with designated categorical filters.
    • Activating at least one filter to process a data input to obtain select content that is contextually or taxonomically associated.
    • Storing the aggregated select content in a corresponding data store.
    • Associating a data process (e.g., copy, extract, archive) with the activated filter.
    • Applying the associated data process to further data inputs processed by the filter.
    • The filter activation is automatic (time, condition, or event-based) or manual.
  • The complaint does not explicitly reserve the right to assert dependent claims.

U.S. Patent No. 9,734,169 - Digital Information Infrastructure and Method for Securing Designated Data and With Granular Data Stores (Issued: August 15, 2017)

The Invention Explained

  • Problem Addressed: The patent addresses the security risks inherent in centralized data storage and the need for secure, granular control over sensitive data in distributed, cloud-based environments (Compl. ¶36, 46). Conventional systems that kept all parts of a document together were vulnerable; a single breach could compromise the entire dataset (Compl. ¶41; ’169 Patent, col. 16:7-14).
  • The Patented Solution: The invention describes a method for processing data in a distributed, cloud-based system by separating data into different storage types. It provides for "select content data stores" for security-designated data and separate "granular data stores" for the remaining data, all coupled via a communications network to a cloud-based server (’169 Patent, Abstract). Access to the sensitive data is governed by strict controls, and the system allows for the secure withdrawal and reconstruction of data only when authorized (’169 Patent, col. 4:1-12).
  • Technical Importance: This architecture enhances security by physically and logically separating critical data from non-critical data, making it harder for an attacker to access the complete information and providing for controlled restoration after a system failure (Compl. ¶52).

Key Claims at a Glance

  • The complaint asserts independent method claim 1 (Compl. ¶129).
  • Claim 1 of the ’169 Patent recites the essential elements of:
    • Providing in a distributed cloud-based system: (i) select content data stores for security data, (ii) granular data stores, and (iii) a cloud-based server, with access controls at the select content stores.
    • Providing a communications network coupling the stores and server.
    • Extracting and storing security-designated data in the select content data stores.
    • Activating a select content data store to permit access based on the access controls.
    • Parsing "remainder data" not extracted and storing it in the granular data stores.
    • Withdrawing security data and parsed data from their respective stores only when access controls are applied.
  • The complaint does not explicitly reserve the right to assert dependent claims.

U.S. Patent No. 10,182,073 - Information Infrastructure Management Tools with Variable and Configurable Filters and Segmental Data Stores

  • Patent Identification: U.S. Patent No. 10,182,073, Information Infrastructure Management Tools with Variable and Configurable Filters and Segmental Data Stores, issued January 15, 2019 (’073 Patent).
  • Technology Synopsis: This patent details a method for creating a dynamic information infrastructure that processes data using a plurality of initially configured filters. The system identifies sensitive content based on sensitivity levels and allows the filters to be altered (e.g., expanded or contracted) to modify what content is selected, thereby enabling dynamic, policy-based data organization and management (’073 Patent, Abstract).
  • Asserted Claims: At least Claim 1 (Compl. ¶165).
  • Accused Features: The accused systems allegedly infringe by using dynamic, configurable "protection policies" (filters) to identify and extract critical financial account data, and by providing user interfaces that allow the enterprise to modify these policies to alter how data is processed and stored in the secure data vault (Compl. ¶181-182).

U.S. Patent No. 10,250,639 - Information Infrastructure Management Data Processing Tools for Data Flow with Distribution Controls

  • Patent Identification: U.S. Patent No. 10,250,639, Information Infrastructure Management Data Processing Tools for Data Flow with Distribution Controls, issued April 2, 2019 (’639 Patent).
  • Technology Synopsis: This patent describes a method for "sanitizing" data by processing it through a system that identifies sensitive content based on multiple sensitivity levels and associated security clearances. The system extracts the sensitive content into secure "extract data stores" and non-sensitive content into "select content data stores," creating a sanitized version of the data from the remainder and non-extracted portions. The system can then use various filters (content, contextual, taxonomic) to "inference" the sanitized data (’639 Patent, Abstract).
  • Asserted Claims: At least Claim 16 (Compl. ¶192).
  • Accused Features: The accused systems allegedly infringe by extracting sensitive financial data (based on predefined filters and policies) into a secure, air-gapped data vault, leaving the non-extracted data in the production environment. This process is alleged to create a "sanitized" version of the data, which is then subject to analysis and inferencing using system tools (Compl. ¶214, 217).

III. The Accused Instrumentality

Product Identification

The "Accused Instrumentalities" are the systems and methods that Defendant Beal Bank allegedly "makes, owns, operates, uses, or otherwise exercises control over" for data processing, backup, and disaster recovery that are compliant with the Sheltered Harbor specification or are functionally equivalent (Compl. ¶95).

Functionality and Market Context

  • The complaint alleges that in the face of significant cybersecurity threats to the financial industry, an industry-wide standard called "Sheltered Harbor" was developed to ensure data resiliency (Compl. ¶62). The core functionality involves extracting critical customer account data, storing it in a secure, isolated, and immutable "data vault," and providing for the restoration of that data after a catastrophic event (Compl. ¶69, 76). The diagram from a Dell Solution Brief illustrates this process, showing "Data Extraction" from a "Production Environment" and replication to an air-gapped "Data Vault Environment" for secure processing and storage (Compl. ¶72).
  • The accused systems are alleged to be critical infrastructure for a financial institution, providing customer confidence and ensuring operational continuity, which is a regulatory requirement and a market differentiator (Compl. ¶94, 97). The system architecture is described as having two distinct environments: a "Production Environment" and a "Vault Environment," separated by an "automated air gap" to prevent threats from propagating to the secure data backups (Compl. ¶81).

IV. Analysis of Infringement Allegations

'301 Patent Infringement Allegations

Claim Element (from Independent Claim 25) Alleged Infringing Functionality Complaint Citation Patent Citation
a method of organizing and processing data... having select content important to an enterprise... Defendant is the enterprise operating a distributed computing system to manage and protect critical customer financial account data. ¶99 col. 3:20-27
providing, in said distributed computing system, a plurality of select content data stores operative with a plurality of designated categorical filters... The accused systems provide a "data vault" which includes a plurality of data stores (e.g., for backup, copy, analysis) that operate with "protection policies," which are alleged to be the claimed categorical filters. ¶104, 106 col. 14:1-14
activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content and associated select content, which associated select content is at least one of contextually associated select content and taxonomically associated select content, as aggregated select content; The accused systems activate "protection policies" that use aggregated tags and metadata (alleged to be contextual/taxonomic association) to extract critical financial account information from the data input. ¶108, 110 col. 14:15-24
storing said aggregated select content for said at least one categorical filter in said corresponding select content data store; The extracted critical data (e.g., account information, binaries, backup catalogs) is stored in corresponding storage units within the secure data vault. The complaint includes a diagram from a Dell solution brief showing multiple storage functions within the "Cyber Recovery Vault" (Compl. ¶105). ¶112-113 col. 14:25-29
for the activated categorical filter, associating at least one data process from the group of data processes including a copy process, a data extract process, a data archive process, a data distribution process and a data destruction process; The system's protection policies associate specific actions (e.g., backup, copy, archive) with specific data types in order to manage data vaulting according to the enterprise's rules. ¶115-116 col. 4:1-6
applying the associated data process to a further data input based upon a result of said further data being processed by said activated categorical filter... Once a protection policy is established, the system automatically applies the same backup and vaulting processes to all subsequent data inputs that match the filter criteria. ¶118-119 col. 4:7-12
said activating a designated categorical filter encompasses an automatic activation... said automatic activation is time-based, distributed computer system condition-based, or event-based. Processing is allegedly performed automatically based on a time interval (e.g., nightly backups), an event (detection of new or modified data), or a system condition. ¶121, 123 col. 14:38-44

Identified Points of Contention

  • Scope Questions: A central question may be whether the "protection policies" and "tags" used in modern data management systems like Dell PowerProtect constitute the "categorical filters" and "contextually/taxonomically associated select content" as described in the patent. The defense may argue these are distinct technical concepts.
  • Technical Questions: The complaint alleges a direct mapping between the claimed "data processes" (copy, extract, archive, etc.) and the functions performed by the accused systems. A point of contention could be whether the accused systems' backup and replication functions perform the specific steps of the claimed "data processes" in the manner required by the claim.

'169 Patent Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
a method of organizing and processing data... in a distributed cloud-based computing system... The accused systems are alleged to be optionally implemented in cloud environments such as AWS, Google Cloud, or Microsoft Azure. ¶130, 132 col. 1:19-22
providing in said distributed cloud-based computing system: (i) a plurality of select content data stores... (ii) a plurality of granular data stores; and (iii) a cloud-based server, each select content data store having respective access controls thereat; The system allegedly provides a secure "data vault" (the select content data stores), which is isolated from production and backup systems (the granular data stores), and uses a cloud-based architecture with access controls like multi-factor authentication. ¶136-139 col. 2:54-61
providing a communications network operatively coupling said plurality of select content data stores and cloud-based server; The accused systems allegedly use a communications network to couple the production environment with the separate, air-gapped data vault environment. A diagram illustrates this architecture (Compl. ¶141, p. 72). ¶141-142 col. 2:62-65
extracting and storing said security designated data in respective select content data stores; The system allegedly extracts critical financial account data and stores it securely in the data vault according to predefined "protection policies." ¶143, 146 col. 3:1-5
activating at least one of said select content data stores... thereby permitting access... based upon an application of one or more of said access controls thereat; Access to the data vault is allegedly safeguarded by strict security measures, including credential-controlled access and multi-factor authentication. ¶148-149 col. 3:6-12
parsing remainder data not extracted from data processed by said cloud-based system and storing the parsed data in respective granular data stores; Data not extracted for the secure vault is allegedly stored in the production and backup systems (i.e., outside the vault). A diagram highlights the "Production Workloads" and "Backup Workloads" as distinct from the vault (Compl. ¶152, p. 78). ¶151-152 col. 3:13-17
withdrawing some or all of said security designated data and said parsed data from said respective data stores only in the presence of said respective access controls applied thereto. The system allegedly allows for the withdrawal of data from the vault for emergency restoration only upon satisfaction of strict security measures and access controls. ¶157-158 col. 3:24-29

Identified Points of Contention

  • Scope Questions: It may be disputed whether the accused architecture, which separates a "production environment" from a "vault environment," meets the claim's specific requirements for "select content data stores" and "granular data stores." A key question is whether a production system can be considered a "granular data store" for "remainder data" in the context of the patent.
  • Technical Questions: The claim requires a "cloud-based server" and a "distributed cloud-based computing system." The complaint alleges the accused systems are optionally implemented in the cloud. The actual implementation by Beal Bank (on-premises, cloud, or hybrid) will be a critical factual question for determining infringement.

V. Key Claim Terms for Construction

  • The Term: "categorical filters" (’301 Patent, Claim 25)

    • Context and Importance: This term is the core mechanism for identifying sensitive data. The infringement case depends on mapping this term to the "protection policies," "rules," and "tags" of the accused systems. Practitioners may focus on this term because its scope will determine whether modern, policy-driven backup systems fall within the claims.
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: The specification describes filters in broad functional terms, including "content-based filters, contextual filters and taxonomic filters," suggesting the term is not limited to a specific implementation but to any filter that categorizes data (’301 Patent, col. 11:23-28).
      • Evidence for a Narrower Interpretation: The detailed description provides specific examples of filters, such as those that identify content based on predefined keywords or taxonomic classifications (’301 Patent, col. 10:22-32). This may support an argument that the term requires more than the simple rules (e.g., "VM Folder Name, Contains, Finance") alleged in the complaint (Compl. ¶109).

  • The Term: "distributed cloud-based computing system" (’169 Patent, Claim 1)

    • Context and Importance: This term defines the environment of the invention. Infringement hinges on whether the accused disaster recovery systems, which may be implemented on-premises, in a private cloud, or in a public cloud, meet this definition. The term's construction will be critical, as a narrow definition limited to public multi-tenant clouds could allow an on-premises implementation to escape infringement.
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: The patent does not appear to explicitly define the term, leaving it open to its plain and ordinary meaning at the time of the invention. The specification's focus is on distributed storage and security, not a specific type of cloud infrastructure, which may support a broader reading that includes private or hybrid cloud models.
      • Evidence for a Narrower Interpretation: The term "cloud-based" could be construed more narrowly by a court to mean services provided over the public internet by a third-party provider, consistent with the common understanding of the term. The complaint itself points to implementations on public clouds like AWS and Azure as examples (Compl. ¶132), which could be used to argue for a narrower scope.

VI. Other Allegations

  • Indirect Infringement: The complaint does not allege indirect infringement. The infringement theory is based on Defendant's direct control and use of the entire accused system as a single enterprise (Compl. ¶98, 129).
  • Willful Infringement: Willfulness is alleged based on Defendant’s continued infringement after receiving actual notice of the patents-in-suit via the service of the complaint (Compl. ¶226). The complaint also pleads willful blindness, alleging on information and belief that Defendant has a policy or practice of not reviewing the patents of others to assess infringement (Compl. ¶227).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of technical mapping: do the "protection policies," "tags," and "air-gapped vaults" of the accused modern disaster recovery systems, designed around the Sheltered Harbor standard, function in the same way as the "categorical filters," "taxonomically associated content," and "select content data stores" claimed in patents with a 2007 priority date?
  • A second key question will be one of definitional scope: can the term "distributed cloud-based computing system," as used in the ’169 Patent, be construed broadly enough to read on the specific architecture implemented by the Defendant, which could be an on-premises, private cloud, or hybrid system rather than a public cloud service?
  • Finally, the case may raise an evidentiary question of control: the complaint alleges Defendant "makes, owns, operates, uses, or otherwise exercises control over" the entire infringing apparatus. The degree to which Defendant, as opposed to third-party vendors like Dell, controls the configuration and operation of the accused system's underlying software and hardware will be a central factual dispute.