DCT

2:23-cv-00548

DigitalDoors Inc v. First Citizens Bank & Trust Co

Log In
Key Events
Complaint
complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 2:23-cv-00548, E.D. Tex., 11/21/2023
  • Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas because Defendant maintains physical locations, employs staff, and generates substantial revenue within the district, specifically targeting customers there.
  • Core Dispute: Plaintiff alleges that Defendant’s data backup and disaster recovery systems, which are asserted to be compliant with the financial industry’s "Sheltered Harbor" specification, infringe four patents related to secure, granular data processing and storage.
  • Technical Context: The technology concerns methods for identifying, extracting, and securely storing sensitive data from larger data streams, thereby enhancing data security and survivability in distributed computing environments, particularly for disaster recovery.
  • Key Procedural History: The complaint does not reference prior litigation or post-grant proceedings involving the asserted patents. It does, however, note that the patents have been cited as relevant prior art in hundreds of subsequent patent applications by major technology and financial services companies.

Case Timeline

Date Event
2007-01-05 Earliest Priority Date for all Asserted Patents
2015-04-21 U.S. Patent No. 9,015,301 Issues
2015-01-01 "Sheltered Harbor" initiative launched
2017-08-15 U.S. Patent No. 9,734,169 Issues
2019-01-15 U.S. Patent No. 10,182,073 Issues
2019-04-02 U.S. Patent No. 10,250,639 Issues
2023-11-21 Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 9,015,301 - “Information Infrastructure Management Tools with Extractor, Secure Storage, Analysis and Classification and Method Therefor”

  • Patent Identification: U.S. Patent No. 9,015,301, issued April 21, 2015.
  • The Invention Explained:
    • Problem Addressed: The patent’s background section describes several challenges with enterprise data management at the time of invention, including the difficulty of managing unstructured content, the inefficiency of classifying sensitive data without semantic analysis, the vulnerability of open ecosystems with numerous access points, and the inability to manage the changing sensitivity of data over its lifecycle (’301 Patent, col. 1:31-2:61).
    • The Patented Solution: The invention provides a method and system for organizing and processing data by treating content, rather than files, as the primary unit of management (’301 Patent, col. 9:46-58). It uses a plurality of "designated categorical filters" to identify and extract "select content" (important data) from a larger data stream, leaving behind "remainder data" (’301 Patent, col. 3:23-41). The extracted "select content" is then stored in corresponding secure data stores, enabling granular access control, enhanced security, and improved data survivability (’301 Patent, col. 4:1-13).
    • Technical Importance: This approach represented a shift from file-level security to content-level security, allowing enterprises to protect specific pieces of information within documents and data streams rather than just the entire file container (’301 Patent, col. 9:46-58).
  • Key Claims at a Glance:
    • The complaint asserts independent claim 25.
    • Claim 25 of the ’301 Patent recites a method with the following essential elements:
      • Providing a plurality of select content data stores operative with designated categorical filters.
      • Activating at least one filter and processing a data input to obtain select content.
      • Storing the aggregated select content in a corresponding data store.
      • Associating at least one data process (e.g., copy, extract, archive, distribution, destruction) with the activated filter.
      • Applying the associated data process to a further data input based on the filter's result.
      • The filter activation is automatic (time-based, condition-based, or event-based) or manual.
    • The complaint does not explicitly reserve the right to assert dependent claims.

U.S. Patent No. 9,734,169 - “Digital Information Infrastructure and Method for Securing Designated Data and with Granular Data Stores”

  • Patent Identification: U.S. Patent No. 9,734,169, issued August 15, 2017.
  • The Invention Explained:
    • Problem Addressed: The patent addresses the need for secure data management in distributed, and particularly cloud-based, computing systems where sensitive data must be protected from unauthorized access while remaining available for authorized use and recovery (’169 Patent, col. 1:11-2:68).
    • The Patented Solution: The invention describes a method for processing data in a distributed cloud-based system that includes a plurality of "select content data stores" for security-designated data and a separate plurality of "granular data stores." The method involves extracting the sensitive data and storing it in the secure stores, parsing the "remainder data" and storing it in the granular stores, and then allowing for withdrawal of the data only when specific access controls are satisfied (’169 Patent, Abstract).
    • Technical Importance: The technology provides a framework for segregating sensitive and non-sensitive data within a cloud architecture, enhancing security by requiring access to multiple, separately controlled storage locations to reconstruct a complete data set (’169 Patent, col. 17:25-36).
  • Key Claims at a Glance:
    • The complaint asserts independent claim 1.
    • Claim 1 of the ’169 Patent recites a method with the following essential elements:
      • Providing a distributed cloud-based computing system with: (i) select content data stores, (ii) granular data stores, and (iii) a cloud-based server with access controls.
      • Providing a communications network coupling the stores and server.
      • Extracting and storing security designated data in the select content data stores.
      • Activating at least one select content data store to permit access based on access controls.
      • Parsing remainder data not extracted and storing it in the granular data stores.
      • Withdrawing some or all of the security data and parsed data from their respective stores only when access controls are applied.
    • The complaint does not explicitly reserve the right to assert dependent claims.

U.S. Patent No. 10,182,073 - “Information Infrastructure Management Tools with Variable and Configurable Filters and Segmental Data Stores”

  • Patent Identification: U.S. Patent No. 10,182,073, issued January 15, 2019.
  • Technology Synopsis: This patent focuses on creating a data processing infrastructure using a plurality of filters. The invention includes identifying sensitive and select content with initially configured filters and then altering those filters (e.g., expanding or contracting their scope) to dynamically manage data throughput (Compl. ¶¶165, 180; ’073 Patent, Abstract).
  • Asserted Claims: Independent claim 1 is asserted (Compl. ¶164).
  • Accused Features: The complaint alleges that the Accused Instrumentalities, by implementing configurable "protection policies," practice the claimed methods of creating an information infrastructure with filters that can be modified by the enterprise (Compl. ¶¶180-181).

U.S. Patent No. 10,250,639 - “Information Infrastructure Management Data Processing Tools for Processing Data Flow with Distribution Controls”

  • Patent Identification: U.S. Patent No. 10,250,639, issued April 2, 2019.
  • Technology Synopsis: This patent describes a method for "sanitizing" data by processing it through content, contextual, and taxonomic filters. The process involves extracting sensitive content based on its sensitivity level and security clearance, storing it in secure "extract data stores," and leaving the remainder data, thereby creating a "sanitized" version of the original data for enhanced security (Compl. ¶¶192, 216; ’639 Patent, Abstract).
  • Asserted Claims: Independent claim 16 is asserted (Compl. ¶191).
  • Accused Features: The complaint alleges that the Accused Instrumentalities, by extracting critical financial data and storing it in a secure data vault while leaving other data in the production environment, perform the claimed sanitization method (Compl. ¶¶210, 213).

III. The Accused Instrumentality

  • Product Identification: The "Accused Instrumentalities" are identified as the systems and methods used by Defendant First Citizens Bank (FCB) for processing and backing up data in a distributed system (Compl. ¶94). The complaint alleges these systems are compliant with the "Sheltered Harbor" industry specification for data security and disaster recovery, or are functionally equivalent thereto (Compl. ¶94).
  • Functionality and Market Context: The complaint alleges the accused systems perform secure data vaulting to protect critical customer account information against catastrophic events like cyberattacks (Compl. ¶¶68-69). The core alleged functionality involves extracting critical financial data from FCB's production environment, converting it to a standard format, and replicating it to a secure, isolated "data vault" (Compl. ¶¶68, 81). This vault is described as immutable and air-gapped from the primary network to ensure data integrity and availability for restoration (Compl. ¶75). The complaint provides a diagram illustrating this architecture, showing a "Production Environment" where data is extracted and a separate "Data Vault Environment" where it is replicated and stored securely (Compl. ¶32). This system is positioned as a critical component of FCB's regulatory compliance and business continuity strategy (Compl. ¶¶6-7).

IV. Analysis of Infringement Allegations

’301 Patent Infringement Allegations

Claim Element (from Independent Claim 25) Alleged Infringing Functionality Complaint Citation Patent Citation
a method of organizing and processing data in a distributed computing system having select content important to an enterprise... Defendant is the enterprise operating a distributed computing system to protect critical customer financial account data. ¶98 col. 3:23-28
providing, in said distributed computing system, a plurality of select content data stores operative with a plurality of designated categorical filters... The Accused Instrumentalities provide a "data vault" with multiple data stores (e.g., for backup, copy, lock, and analysis) that are operative with "protection policies" which act as categorical filters. ¶¶103-105 col. 13:29-41
activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content... The system activates protection policies (filters) to extract critical financial account information from the data input. ¶¶107-108 col. 13:42-49
storing said aggregated select content for said at least one categorical filter in said corresponding select content data store; The extracted critical account data is stored in corresponding storage units within the secure data vault. ¶¶111-112 col. 4:8-13
and for the activated categorical filter, associating at least one data process from the group of data processes including a copy process, a data extract process, a data archive process, a data distribution process and a data destruction process; The system's protection policies associate data processes like copying, archiving, and extracting with the select content to manage data backup and vaulting. ¶¶114-115 col. 4:1-8
applying the associated data process to a further data input based upon a result of said further data being processed by said activated categorical filter... Once a protection policy is established, all subsequent data inputs are processed in the same way, with backups going to the same storage unit. ¶¶117-118 col. 4:14-19
wherein activating said designated categorical filter encompasses an automatic activation or a manual activation and said automatic activation is time-based, distributed computer system condition-based, or event-based. Processing occurs automatically at a designated time interval (nightly backups), upon a designated condition (detection of new assets), or manually on demand. ¶¶120-121 col. 13:58-65

’169 Patent Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
a method of organizing and processing data...in a distributed cloud-based computing system... The Accused Instrumentalities are optionally implemented on cloud-based platforms like AWS, Azure, or Google Cloud. ¶131 col. 4:26-34
providing in said distributed cloud-based computing system: (i) a plurality of select content data stores...; and (ii) a plurality of granular data stores; and (iii) a cloud-based server... The system provides a secure data vault (select content stores) and production/backup systems (granular data stores), with access controlled by servers. A diagram shows "Backup Workloads" as granular stores. ¶¶135-138 col. 3:34-42
providing a communications network operatively coupling said plurality of select content data stores and cloud-based server; The Accused Instrumentalities comprise an operatively coupled network connecting the production and vaulting environments. A diagram shows a "logical, air-gapped, dedicated connection." ¶¶140-141; Compl. at p. 92 col. 3:43-46
extracting and storing said security designated data in respective select content data stores; The system extracts critical financial account data based on protection policies and stores it in the secure data vault. ¶¶142-145 col. 4:4-8
activating at least one of said select content data stores...thereby permitting access...based upon an application of one or more of said access controls... The data vault is protected by strict access controls, including multi-factor authentication and least-privilege concepts. ¶¶147-148 col. 4:9-12
parsing remainder data not extracted from data processed by said cloud-based system and storing the parsed data in respective granular data stores; Data not extracted for the vault (remainder data) is stored in production and backup systems (granular data stores). ¶¶150-151 col. 4:5-8
withdrawing some or all of said security designated data and said parsed data from said respective data stores only in the presence of said respective access controls applied thereto. Data can only be withdrawn from the vault to a "restoration platform" upon satisfaction of strict security measures and access controls. ¶¶156-157 col. 4:13-17

Identified Points of Contention

  • Scope Questions: A primary question will be whether the industry-standard "Sheltered Harbor" architecture, as described in the complaint, constitutes the specific patented methods. For example, does the standard practice of replicating production data to a backup system and then to an isolated vault align with the claimed steps of using "categorical filters" to obtain "select content" and separately storing "remainder data"? The defense may argue that the accused system is a more conventional backup architecture that does not perform the claimed granular extraction and separation.
  • Technical Questions: The complaint alleges that "protection policies" in systems like Dell PowerProtect function as the claimed "categorical filters." A technical question for the court will be whether these policies, which may select entire virtual machines or data sets for backup, perform the same function as the patent's filters, which are described as operating on a more granular, content-aware level (e.g., based on words, characters, or taxonomic classifications). The complaint's use of a screenshot showing user-selectable filters in a Dell product's UI will be central to this point (Compl. ¶181, at p. 94).

V. Key Claim Terms for Construction

  • The Term: "categorical filters" (from ’301 Patent, Claim 25)

  • Context and Importance: This term is the central mechanism for identifying and separating data in the ’301 Patent. The infringement case hinges on whether the "protection policies" and "dynamic filters" alleged to be used in the Accused Instrumentalities (Compl. ¶¶105, 172) fall within the scope of this term. Practitioners may focus on this term because its construction will determine if a system that selects data sets for backup based on high-level rules (e.g., "all financial data") infringes a claim that may require more granular, content-based filtering.

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: The specification states that enterprise-designated filters screen for policies such as "level of service policy, customer privacy policy, supplier privacy policy... and document or data retention policy," suggesting the filters can operate at a high-level policy basis (’301 Patent, col. 4:15-23).
    • Evidence for a Narrower Interpretation: The specification repeatedly describes the filters as including "content-based filters, contextual filters and taxonomic classification filters" (’301 Patent, col. 13:35-37). The detailed description also explains that filters can be built using "a simple classification system (hierarchical taxonomic system)" based on label descriptions (’301 Patent, col. 10:22-32). This may support an argument that the term requires a more sophisticated, content-aware filtering mechanism than simple backup policies.

  • The Term: "parsing remainder data" (from ’169 Patent, Claim 1)

  • Context and Importance: The claim requires not only storing the "remainder data" (the data not extracted) but also "parsing" it. The definition of "parsing" is critical, as it may imply more than simply storing the leftover data. The infringement allegation rests on the idea that storing non-extracted data in production and backup systems meets this limitation (Compl. ¶150).

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: The patent does not appear to provide an explicit definition of "parsing" in its summary or definitions section, which may suggest the term should be given its ordinary meaning in the art, potentially encompassing general processing or handling of data.
    • Evidence for a Narrower Interpretation: The detailed description links parsing to specific algorithms and methodologies for processing text, such as by "word count, letter, etc." (’169 Patent, col. 45:55-61). This could support a narrower construction requiring a specific type of analysis or structuring of the remainder data, beyond merely leaving it in its original location.

VI. Other Allegations

  • Indirect Infringement: The complaint focuses exclusively on direct infringement, alleging that Defendant "makes, owns, operates, uses, or otherwise exercises control over" the infringing systems (Compl. ¶94). There are no specific allegations or counts for induced or contributory infringement.
  • Willful Infringement: The complaint includes a count for "Knowledge and Willfulness" (Compl. p. 114). It alleges willfulness based on Defendant's actual notice of the patents from the service of the complaint itself (post-suit knowledge) (Compl. ¶225). It further alleges willful blindness, stating on information and belief that Defendant has a "policy or practice of not reviewing the patents of others" (Compl. ¶226).

VII. Analyst’s Conclusion: Key Questions for the Case

This case presents a broad challenge to an entire industry's standard data protection architecture. The outcome will likely depend on the court's resolution of two central questions:

  • A core issue will be one of definitional scope: Can the patent term "categorical filter," which the specification describes in the context of granular, content-aware analysis (e.g., taxonomic, contextual), be construed to cover the high-level "protection policies" used in modern data backup systems to select entire workloads or data sets for vaulting?

  • A key evidentiary question will be one of operational equivalence: Does the accused "Sheltered Harbor" architecture—which replicates data from a production environment to an isolated vault—perform the specific, multi-step process claimed in the patents, including the distinct steps of "extracting" sensitive data while separately "parsing" and storing "remainder data"? Or will the evidence show a fundamental mismatch between the patented methods of data segregation and the accused methods of data replication?