DCT

2:23-cv-00546

v. DigitalDoors, Inc

Log In
Key Events
Complaint
complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 2:23-cv-00546, E.D. Tex., 11/21/2023
  • Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas based on Defendant maintaining physical branch locations, employing residents, and generating substantial revenue from business activities within the district.
  • Core Dispute: Plaintiff alleges that Defendant’s data backup and disaster recovery systems, which are asserted to be compliant with the financial industry’s "Sheltered Harbor" standard, infringe four patents related to methods for securely filtering, extracting, and storing sensitive data in distributed computer systems.
  • Technical Context: The technology relates to secure data vaulting for disaster recovery, a critical function in the financial services sector for protecting sensitive customer account information from catastrophic cyberattacks and ensuring operational continuity.
  • Key Procedural History: The complaint alleges that Defendant had pre-suit knowledge of the patents-in-suit since at least April 2019, based on citations made during the prosecution of Defendant's own patent applications, which may form the basis for a willfulness claim.

Case Timeline

Date Event
2007-01-05 Earliest Priority Date for all Patents-in-Suit
2015-04-21 U.S. Patent No. 9,015,301 Issues
2015-01-01 Sheltered Harbor initiative launched (approximate date)
2017-08-15 U.S. Patent No. 9,734,169 Issues
2019-01-15 U.S. Patent No. 10,182,073 Issues
2019-04-02 U.S. Patent No. 10,250,639 Issues
2019-04-30 Alleged date of Defendant's pre-suit notice of patents
2023-11-21 Complaint Filing Date

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 9,015,301 - "Information Infrastructure Management Tools With Extractor, Secure Storage, Content Analysis And Method Therefor"

The Invention Explained

  • Problem Addressed: The patent's background describes the difficulty enterprises faced in managing and securing sensitive information, particularly unstructured data, within "open ecosystems" where numerous parties could access information. Conventional systems focused on managing data files rather than the sensitive content within them, and could not effectively handle the changing sensitivity of information over its lifecycle (Compl. ¶27; ’301 Patent, col. 1:60-2:61).
  • The Patented Solution: The invention provides a method for organizing and processing data by using a plurality of "categorical filters" to identify and obtain "select content" from a data input. This extracted content is then stored, and the system associates it with specific data processes (e.g., copying, archiving, distributing). This shifts the security focus from the file to the granular data itself, allowing for more nuanced control (Compl. ¶26; ’301 Patent, Abstract; col. 3:17-4:35).
  • Technical Importance: This approach enabled more granular control over sensitive data, improving security and data management for disaster recovery by isolating critical information based on its content rather than its file container.

Key Claims at a Glance

  • The complaint asserts at least independent claim 25 (Compl. ¶98).
  • The essential elements of claim 25 include:
    • A method of organizing and processing data in a distributed computing system having select content important to an enterprise.
    • Providing a plurality of select content data stores operative with a plurality of designated categorical filters.
    • Activating at least one filter and processing a data input to obtain select content that is contextually or taxonomically associated.
    • Storing the aggregated select content in a corresponding data store.
    • Associating at least one data process (e.g., copy, extract, archive, distribution, destruction) with the activated filter.
    • Applying the associated data process to a further data input.
    • Wherein the filter activation is automatic or manual, and the automatic activation can be time-based, condition-based, or event-based.
  • The complaint does not explicitly reserve the right to assert dependent claims.

U.S. Patent No. 9,734,169 - "Digital Information Infrastructure and Method for Securing Designated Data and With Granular Data Stores"

The Invention Explained

  • Problem Addressed: The patent addresses the need for enhanced security in distributed, and particularly cloud-based, computing systems where sensitive data must be protected from unauthorized access during storage and processing.
  • The Patented Solution: The invention describes a method where a "cloud-based system" provides separate storage locations for different types of data. It uses filters to extract "security designated data" (sensitive content) which is stored in "select content data stores" with specific access controls. The remaining, non-sensitive "remainder data" is parsed and stored separately in "granular data stores." This separation of sensitive and non-sensitive data into distinct, controlled stores enhances security (Compl. ¶69; ’169 Patent, Abstract; col. 3:28-4:27).
  • Technical Importance: By architecturally segregating sensitive data from the bulk of non-sensitive data, the invention reduces the attack surface and makes it more difficult for an unauthorized party to access and reconstruct a complete, sensitive dataset.

Key Claims at a Glance

  • The complaint asserts at least independent claim 1 (Compl. ¶129).
  • The essential elements of claim 1 include:
    • A method of organizing and processing data in a distributed cloud-based computing system.
    • Providing a plurality of select content data stores (for security designated data), a plurality of granular data stores, and a cloud-based server, with the stores and server coupled by a communications network.
    • Extracting and storing security designated data in the select content data stores.
    • Activating a select content data store to permit access based on access controls.
    • Parsing remainder data not extracted from the data processed.
    • Storing the parsed remainder data in the granular data stores.
    • Withdrawing security designated data and parsed data from their respective stores only when access controls are applied.
  • The complaint does not explicitly reserve the right to assert dependent claims.

Multi-Patent Capsule: U.S. Patent No. 10,182,073

  • Patent Identification: U.S. Patent No. 10,182,073, "Information Infrastructure Management Tools With Variable and Configurable Filters and Segmental Data Stores," issued January 15, 2019.
  • Technology Synopsis: The patent describes a method for creating an information infrastructure that identifies sensitive and select content using a set of "initially configured filters." The core inventive concept appears to be the subsequent step of dynamically "altering" these filters—by expanding, contracting, or changing their classification—and then using the "modified configured filters" to organize further data throughput (Compl. ¶¶181, 184; ’073 Patent, Abstract).
  • Asserted Claims: At least independent claim 1 is asserted (Compl. ¶165).
  • Accused Features: The accused systems allegedly infringe by using configurable "protection policies" that act as filters to identify critical data for vaulting. The complaint alleges that the ability within the accused systems to define, run, monitor, and "modify existing policies" constitutes the claimed altering of filters (Compl. ¶¶182, 185). A screenshot in the complaint depicts a user interface for selecting and applying filters to generate a report, which Plaintiff alleges shows this functionality (Compl. p. 94).

Multi-Patent Capsule: U.S. Patent No. 10,250,639

  • Patent Identification: U.S. Patent No. 10,250,639, "Information Infrastructure Management Data Processing Tools for Processing Data Flow With Distribution Controls," issued April 2, 2019.
  • Technology Synopsis: This patent discloses a method for "sanitizing" data processed in a distributed system. The method involves extracting sensitive content based on a plurality of sensitivity levels and associated security clearances, storing the extracted sensitive data and the remaining data in separate stores, and then "inferencing" the resulting sanitized data using a combination of content, contextual, and taxonomic filters (’639 Patent, Abstract).
  • Asserted Claims: At least independent claim 16 is asserted (Compl. ¶192).
  • Accused Features: The complaint alleges that the Sheltered Harbor-compliant systems perform the claimed method by using priority-based filters to extract critical financial data (sensitive content) based on its importance (sensitivity level) and storing it in a secure data vault, separate from the production environment. The use of contextual and taxonomic tagging and filtering in these systems is alleged to meet the "inferencing" limitation (Compl. ¶¶217-219).

III. The Accused Instrumentality

Product Identification

  • The "Accused Instrumentalities" are identified as Capital One's systems and methods for processing and backing up data in a distributed system. The complaint alleges these systems are either compliant with the "Sheltered Harbor" industry specification or provide "substantially equivalent functionality" (Compl. ¶95).

Functionality and Market Context

  • The complaint frames the accused functionality through the requirements of the Sheltered Harbor standard, an industry-driven initiative launched in 2015 to protect the U.S. financial system from catastrophic data loss (Compl. ¶62). The core functionality involves extracting critical customer account data from a "Production Environment," transferring it across an "Air-gap" for isolation, and storing it in an immutable, encrypted "Data Vault Environment" (Compl. ¶¶76, 81). The diagram from a Dell solutions brief illustrates this architecture, showing data moving from a production environment, through secure replication, and into a locked vault for processing (Compl. p. 32). This vault is designed to be physically and logically separated from corporate networks to ensure data survivability (Compl. ¶73). The complaint asserts that participation in Sheltered Harbor is a critical industry standard for maintaining regulatory compliance and public confidence (Compl. ¶¶62, 94).

IV. Analysis of Infringement Allegations

U.S. Patent No. 9,015,301 Infringement Allegations

Claim Element (from Independent Claim 25) Alleged Infringing Functionality Complaint Citation Patent Citation
providing, in said distributed computing system, a plurality of select content data stores operative with a plurality of designated categorical filters... The Accused Instrumentalities comprise a data vault with designated stores for select content, which is derived from categorical filters ("protection policies") that determine what critical data to protect. ¶104, ¶106 col. 4:6-14
activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content and associated select content... Sheltered Harbor systems activate "protection policies" (filters) to extract critical financial account information from accounts. This extracted information is contextually or taxonomically associated using aggregated tags and metadata. ¶108, ¶110 col. 4:15-21
storing said aggregated select content for said at least one categorical filter in said corresponding select content data store; The vaulting process places the extracted critical account data (aggregated select content) into corresponding storage units or "data trees" within the secure data vault. The diagram shows multiple data stores for backup, copy, lock, and analysis within the vault (Compl. p. 53). ¶112, ¶113 col. 4:22-24
...associating at least one data process from the group of data processes including a copy process, a data extract process, a data archive process, a data distribution process and a data destruction process... Compliant systems associate data processes like backup and vaulting with the selected content. Once a policy is established, it is applied to copy, archive, or extract data to the vault according to technical requirements. ¶115, ¶116 col. 4:25-30
applying the associated data process to a further data input based upon a result of said further data being processed... Once a protection policy is established, all subsequent data inputs are processed in the same way, automatically applying the backup and vaulting process upon a designated time interval (e.g., nightly) or event. ¶118, ¶119 col. 4:31-35
wherein said activating a designated categorical filter encompasses an automatic activation or a manual activation and said automatic activation is time-based, distributed computer system condition-based, or event-based. The processing takes place automatically upon a designated time interval (e.g., nightly), upon a designated condition (e.g., detection of new data), or manually. ¶121, ¶123 col. 4:40-45

Identified Points of Contention

  • Scope Questions: A central question may be whether the "protection policies" described in the Sheltered Harbor standard and implemented by Capital One meet the specific definition of "designated categorical filters" as claimed in the patent. The defense may argue that these are simply backup rules, whereas the patent describes more complex filtering operations.
  • Technical Questions: The analysis may focus on whether the accused system's routine backup operations satisfy the multi-step process of "associating" a data process with a filter and then "applying" that process to "further data input." The court will need to determine if the continuous application of a backup policy to new data meets this claimed sequence.

U.S. Patent No. 9,734,169 Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
providing in said distributed cloud-based computing system: (i) a plurality of select content data stores... (ii) a plurality of granular data stores; and (iii) a cloud-based server... The Accused Instrumentalities allegedly comprise a data vault (select content stores), production/backup systems (granular data stores), and can be implemented on cloud services like AWS, Azure, or Google Cloud (cloud-based server). ¶132, ¶136, ¶137, ¶139 col. 132:16-25
...extracting and storing said security designated data in respective select content data stores. The system extracts critical financial account data and stores it in the secure data vault. ¶143, ¶144 col. 132:29-31
activating at least one of said select content data stores... thereby permitting access... based upon an application of one or more of said access controls thereat. The data vault is safeguarded by strict access controls, including multi-factor authentication, and data can only be accessed or restored upon satisfaction of these security measures. ¶148, ¶149 col. 132:32-36
parsing remainder data not extracted from data processed by said cloud-based system and storing the parsed data in respective granular data stores. Data not extracted for the vault (remainder data) is stored in the production and backup systems (granular data stores). A diagram shows "Backup Workloads" in the "Data Center," separate from the "Cyber Recovery Vault" (Compl. p. 71). ¶151, ¶152 col. 132:37-40
withdrawing some or all of said security designated data and said parsed data from said respective data stores only in the presence of said respective access controls applied thereto. Data can be withdrawn from the vault for restoration only after satisfying strict security protocols and access controls, such as credentialed access and multi-factor authentication. ¶157, ¶158 col. 132:41-45

Identified Points of Contention

  • Scope Questions: The definition of "cloud-based computing system" will be a key issue. Capital One may argue its secure vault is an on-premise, physically isolated system, not a "cloud" system. The interpretation will depend on whether "cloud-based" requires third-party hosting or can encompass private, distributed architectures.
  • Technical Questions: A factual question will be whether the accused system's standard production and backup storage qualifies as the claimed "granular data stores" for "remainder data," or if the patent requires a more specific architecture for this non-sensitive data.

V. Key Claim Terms for Construction

The Term: "categorical filters" (’301 Patent, Claim 25)

Context and Importance

  • This term is the central mechanism for identifying the data to be protected. The infringement case for the ’301 Patent hinges on whether Capital One's "protection policies" for its Sheltered Harbor system fall within the scope of this term.

Intrinsic Evidence for Interpretation

  • Evidence for a Broader Interpretation: The specification describes "designated categorical filters" as being used to "store select content relative to the category" and lists a wide range of enterprise policies that could be implemented, such as "customer privacy policy, supplier privacy policy, enterprise human resource privacy policy," suggesting a broad, policy-based definition (’301 Patent, col. 11:51-12:1).
  • Evidence for a Narrower Interpretation: The specification also provides more technical examples, stating filters can include "content-based filters, contextual filters and taxonomic classification filters" (’301 Patent, col. 13:34-36). A defendant may argue the term requires these specific technical types of filters, not just general business rules.

The Term: "cloud-based computing system" (’169 Patent, Claim 1)

Context and Importance

  • This term appears in the preamble of the asserted claim and defines the environment of the invention. If Capital One's accused system is determined not to be "cloud-based," the infringement claim could fail.

Intrinsic Evidence for Interpretation

  • Evidence for a Broader Interpretation: The patent does not appear to provide an explicit definition. The term could be interpreted broadly to mean any distributed computing system where resources are virtualized and delivered over a network, which could include private, on-premise clouds. The complaint points to implementations on public clouds like AWS and Azure as examples (Compl. ¶132).
  • Evidence for a Narrower Interpretation: A defendant may argue that at the time of the invention, the term implied reliance on third-party, internet-accessible infrastructure, and that a physically isolated, "air-gapped" on-premise vault is the antithesis of a "cloud-based" system.

VI. Other Allegations

Willful Infringement

  • The complaint alleges that Defendant's infringement is and has been willful (Compl. ¶¶ 125, 161, 188, 223). The basis for this allegation includes not only post-suit notice from the filing of the complaint, but also alleged pre-suit notice. Specifically, Plaintiff alleges that Defendant has been on actual notice of the patents since at least April 30, 2019, due to their citation during the prosecution of Defendant's own patent applications (Compl. ¶226). The complaint further alleges that Defendant maintains a policy or practice of not reviewing the patents of others, which it characterizes as willful blindness (Compl. ¶227).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of technical mapping: Does the architecture of an industry-standard "Sheltered Harbor" data vaulting system—with its "protection policies," "air-gapped" environments, and production/backup systems—directly map onto the specific technical elements recited in the patent claims, such as "categorical filters," separate "select content" and "granular" data stores, and "cloud-based" systems? The case will likely require a detailed comparison of how the accused commercial system operates versus the specific architecture described and claimed in the patents.
  • A second key question will be one of definitional scope: The dispute may turn on the construction of foundational terms. Can a secure, on-premise, physically isolated data vault be considered part of a "cloud-based computing system"? Do general backup rules constitute "categorical filters"? The court's interpretation of these terms, in light of the patent's specification, will be dispositive for the infringement analysis.
  • Finally, a crucial evidentiary question will concern willfulness: What evidence exists that Defendant was aware of the specific DigitalDoors patents prior to the lawsuit? The allegation that the patents were cited during the prosecution of Capital One's own patent applications raises a significant question of pre-suit knowledge that could support a finding of willful infringement if infringement is found.