DigitalDoors Inc v. Regions Bank

I. Executive Summary and Procedural Information

• Parties & Counsel:
  • Plaintiff: DigitalDoors, Inc. (Florida)
  • Defendant: Regions Bank (Alabama)
  • Plaintiff’s Counsel: Garteiser Honea, PLLC
• Case Identification: 2:23-cv-00552, E.D. Tex., 11/22/2023
• Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas because Defendant maintains physical branch locations, employs staff, generates substantial revenue, and specifically targets customers within the district.
• Core Dispute: Plaintiff alleges that Defendant’s data backup and disaster recovery systems, which are allegedly compliant with the financial industry’s "Sheltered Harbor" standard, infringe four patents related to methods for securely filtering, extracting, storing, and managing sensitive data in distributed computing systems.
• Technical Context: The technology relates to secure data vaulting and disaster recovery, a critical function for financial institutions required to protect sensitive customer account information against catastrophic cyberattacks or system failures.
• Key Procedural History: The complaint does not reference prior litigation or post-grant proceedings involving the asserted patents. It does, however, extensively argue that the patented inventions were unconventional as of their 2007 priority date, citing the fact that the financial industry, through the Sheltered Harbor initiative, did not begin developing the allegedly infringing technologies until 2015 as evidence of non-obviousness.

Case Timeline

Date	Event
2007-01-05	Earliest Priority Date for all Asserted Patents
2015-01-01	Sheltered Harbor initiative launched (approximate date)
2015-04-21	U.S. Patent No. 9,015,301 Issued
2017-08-15	U.S. Patent No. 9,734,169 Issued
2019-01-15	U.S. Patent No. 10,182,073 Issued
2019-04-02	U.S. Patent No. 10,250,639 Issued
2023-11-22	Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 9,015,301 - "Information Infrastructure Management Tools with Extractor, Secure Storage, Content Analysis and Classification and Method Therefor"

The Invention Explained

• Problem Addressed: The patent’s background section describes deficiencies in prior art data management systems, including an inability to effectively manage unstructured data, a lack of semantic or taxonomic analysis for classifying sensitive information, and vulnerabilities in open-access enterprise ecosystems (Compl. ¶27; ’301 Patent, col. 1:31-2:27).
• The Patented Solution: The invention proposes a method of organizing and processing data by moving beyond file-level management to content-level management. It uses a system of "categorical filters" (e.g., content-based, contextual, taxonomic) to analyze a data stream, identify and extract "select content" deemed important, and store that content in dedicated data stores, separate from the remaining data. This allows for granular, secure control over sensitive information and its reconstruction. (Compl. ¶26; ’301 Patent, Abstract; col. 3:20-4:18).
• Technical Importance: This approach provided a new architecture for data security that focused on the granular content itself rather than the files containing it, enabling more sophisticated security and access controls in distributed networks (Compl. ¶27).

Key Claims at a Glance

• The complaint asserts at least independent Claim 25 (’301 Patent, col. 131:32-132:20).
• The essential elements of Claim 25 include:
  • Providing a plurality of select content data stores operative with designated categorical filters in a distributed computing system.
  • Activating at least one filter and processing a data input to obtain "select content" that is contextually or taxonomically associated.
  • Storing the aggregated select content in a corresponding data store.
  • Associating a data process (e.g., copy, extract, archive) with the activated filter.
  • Applying that associated data process to a subsequent data input based on the filter's processing result.
  • Wherein the activation of the filter can be automatic (e.g., time-based, event-based) or manual.
• The complaint does not explicitly reserve the right to assert dependent claims for this patent.

---

U.S. Patent No. 9,734,169 - "Digital Information Infrastructure and Method for Securing Designated Data and with Granular Data Stores"

The Invention Explained

• Problem Addressed: The invention addresses the need for enhanced data security in distributed, and specifically "cloud-based," computing systems where sensitive data must be protected from unauthorized access or catastrophic loss.
• The Patented Solution: The patent describes a method where a distributed system is provisioned with two types of stores: "select content data stores" for security-designated data and "granular data stores" for other, non-extracted data. A process extracts the sensitive information and places it in the secure, access-controlled "select content" stores, while the "remainder data" is parsed and stored separately in the "granular" stores. Access to withdraw data from any of these stores is governed by strict access controls. (’169 Patent, Abstract; col. 4:5-15).
• Technical Importance: This architecture creates a logical and physical separation between highly sensitive data and bulk data, enhancing security by isolating the most critical assets in a controlled environment, a concept central to modern "data vaulting."

Key Claims at a Glance

• The complaint asserts at least independent Claim 1 (’169 Patent, col. 131:13-132:12).
• The essential elements of Claim 1 include:
  • Providing in a distributed cloud-based system: (i) select content data stores for security-designated data, (ii) granular data stores, and (iii) a cloud-based server.
  • Providing a communications network coupling the stores and server.
  • Extracting and storing security-designated data in the select content data stores.
  • Activating a select content data store to permit access based on access controls.
  • Parsing remainder data not extracted from the data stream.
  • Storing the parsed remainder data in the granular data stores.
  • Withdrawing data from the stores only when respective access controls are satisfied.
• The complaint does not explicitly reserve the right to assert dependent claims for this patent.

---

U.S. Patent No. 10,182,073 - "Information Infrastructure Management Tools with Variable and Configurable Filters and Segmental Data Stores"

• Technology Synopsis: This patent discloses a system for processing data through a plurality of filters. A key aspect of the invention is the ability to dynamically alter these initially configured filters—by expanding or contracting their scope or changing their classification—and then generating modified filters that are applied to subsequent data throughput. (Compl. ¶¶181-182; ’073 Patent, Abstract).
• Asserted Claims: At least Claim 1 (Compl. ¶165).
• Accused Features: The complaint alleges that the accused Sheltered Harbor systems infringe by providing a user interface that allows an enterprise to define and modify "protection policies" (the alleged filters), which dynamically alters how data is identified and processed for secure vaulting (Compl. ¶¶182, 185).

U.S. Patent No. 10,250,639 - "Information Infrastructure Management Data Processing Tools for Processing Data Flow with Distribution Controls"

• Technology Synopsis: This patent describes a method for "sanitizing" data by extracting sensitive content according to different sensitivity levels and storing it in corresponding secure "extract data stores." The method further includes a step of "inferencing" the sanitized data using content, contextual, and taxonomic filters to analyze and obtain inferenced data. (Compl. ¶¶193, 217; ’639 Patent, Abstract).
• Asserted Claims: At least Claim 16 (Compl. ¶192).
• Accused Features: The accused systems are alleged to perform the claimed method by extracting critical customer account data (the sensitive content) into a secure data vault, thereby creating a "sanitized" version of the data separate from the production environment. The use of filters and content analysis to determine which data to protect is alleged to constitute the "inferencing" step. (Compl. ¶¶214, 217, 220).

III. The Accused Instrumentality

Product Identification

The "Accused Instrumentalities" are identified as the systems and methods used by Regions Bank for data processing, backup, and disaster recovery that are compliant with the "Sheltered Harbor" specification or are functionally equivalent (Compl. ¶95). The Dell PowerProtect Cyber Recovery for Sheltered Harbor solution is identified as an exemplary system that embodies the standard (Compl. ¶71).

Functionality and Market Context

The Sheltered Harbor standard requires financial institutions to protect critical customer account data by creating nightly backups in a standardized format and storing them in an "ultra secure," immutable, and air-gapped "data vault" (Compl. ¶¶69, 72, 76). This vault is isolated from the institution's production and primary backup networks to ensure data survivability in the event of a catastrophic cyberattack (Compl. ¶76). The complaint alleges this vaulting process involves extracting critical data based on pre-defined policies (Compl. ¶¶86-87). A diagram in the complaint illustrates this architecture, showing a "Production Environment" where data is extracted and an isolated "Data Vault Environment" where data is replicated and locked (Compl. ¶72, p. 32). Sheltered Harbor is described as an industry-driven initiative launched in 2015 with near-uniform adoption across the U.S. financial sector (Compl. ¶¶62, 65).

IV. Analysis of Infringement Allegations

9,015,301 Patent Infringement Allegations

Claim Element (from Independent Claim 25)	Alleged Infringing Functionality	Complaint Citation	Patent Citation
...providing... a plurality of select content data stores operative with a plurality of designated categorical filters...	The accused systems provide a "data vault" with designated stores for sensitive content, which operate with "protection policies" that act as categorical filters to identify critical business services and data for protection.	¶104, ¶106	col. 13:33-40
...activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content... which associated select content is at least one of contextually associated select content and taxonomically associated select content...	The accused systems activate protection policies (filters) to extract critical financial account information. This extraction is alleged to be contextually or taxonomically associated through the use of metadata and tags.	¶108, ¶110	col. 13:41-48
...storing said aggregated select content for said at least one categorical filter in said corresponding select content data store...	The extracted critical account data is aggregated and stored in corresponding storage units or "data trees" within the secure data vault.	¶112, ¶113	col. 13:49-51
...associating at least one data process from the group... including a copy process, a data extract process, a data archive process...	The accused systems associate data processes such as backup, copying, and archiving with the select content as part of the data vaulting process managed by established policies.	¶115, ¶116	col. 13:54-59
...applying the associated data process to a further data input based upon a result of said further data being processed by said activated categorical filter...	Once a protection policy is established, all subsequent data inputs matching the filter are processed in the same way (e.g., copied, backed up) and directed to the same storage unit.	¶118-119	col. 13:60-64
...wherein activating a designated categorical filter encompasses an automatic activation... [that is] time-based, distributed computer system condition-based, or event-based.	The processing of data according to the filters is performed automatically on a nightly (time-based) basis or when new assets are detected (event-based).	¶121-123	col. 14:3-8

9,734,169 Patent Infringement Allegations

Claim Element (from Independent Claim 1)	Alleged Infringing Functionality	Complaint Citation	Patent Citation
...providing in said distributed cloud-based computing system: (i) a plurality of select content data stores... (ii) a plurality of granular data stores; and (iii) a cloud-based server...	The accused system provides a "data vault" (select content stores) and production/backup systems (granular data stores), and can be deployed on cloud platforms like AWS, Azure, or Google Cloud (cloud-based server).	¶132, ¶136-139	col. 3:1-15
...providing a communications network operatively coupling said plurality of select content data stores and cloud-based server;	The accused systems include a communications network that couples the production environment with the data vault, often via a logical, air-gapped connection. The complaint provides a diagram from the Sheltered Harbor standard showing this distributed network architecture.	¶141-142, p. 72	col. 4:1-4
...extracting and storing said security designated data in respective select content data stores;	Critical financial account information is extracted based on protection policies and stored in the secure data vault.	¶143, ¶146	col. 4:5-7
...parsing remainder data not extracted... and storing the parsed data in respective granular data stores.	Data not extracted for the vault remains in the production and backup systems, which are alleged to be the "granular data stores." The complaint includes a diagram showing "Backup Workloads" in the production environment separate from the vault.	¶151-152, p. 77	col. 4:10-12
...withdrawing some or all of said security designated data and said parsed data from said respective data stores only in the presence of said respective access controls...	The data vault is protected by strict access controls (e.g., multi-factor authentication), and data can only be withdrawn for restoration upon satisfaction of these security measures.	¶157-158	col. 4:13-15

Identified Points of Contention

• Scope Questions: A primary question may be whether the "Sheltered Harbor" standard—a modern disaster recovery protocol—can be mapped onto the specific claim limitations of patents with a 2007 priority date. The defense may argue that the accused systems perform secure backup, not the more granular "extraction," "parsing," and "filtering" described in the patents. The meaning of "cloud-based" in the ’169 Patent will also be critical, as the accused systems can be deployed on-premises.
• Technical Questions: A key technical dispute may arise over the term "parsing remainder data" in the ’169 Patent. The complaint suggests that simply leaving non-extracted data in its original production/backup environment satisfies this element. The court will have to determine whether "parsing" requires an active step of processing or analyzing the remainder data, rather than merely not selecting it for extraction. For the ’301 Patent, a question is whether setting a backup policy in the accused system constitutes activating a "categorical filter" that performs "contextual" and "taxonomic" analysis as described in the patent.

V. Key Claim Terms for Construction

The Term: "designated categorical filters" (’301 Patent, Claim 25)

• Context and Importance: This term is the core of the ’301 Patent's invention. The plaintiff's case relies on equating the "protection policies" of the accused Sheltered Harbor systems with these filters. The construction of this term will determine whether a modern backup policy, which selects entire datasets for protection, falls within the scope of a claim that describes filters for analyzing and extracting granular content from within a data stream.
• Intrinsic Evidence for Interpretation:
  • Evidence for a Broader Interpretation: The patent states that filters are used to "locate, identify and extract select content... which may be of interest or importance to the enterprise" (’301 Patent, col. 3:5-8). This broad purpose could support an argument that any policy-based rule for selecting data is a type of "categorical filter."
  • Evidence for a Narrower Interpretation: The specification describes these filters in specific, technical ways as "content-based filters, contextual filters and taxonomic classification filters" (’301 Patent, col. 13:35-37). The detailed description of a "Knowledge Expander (KE) search engine" and "hierarchical taxonomic system" to build these filters may suggest they are more sophisticated than a simple backup policy rule (Compl. ¶88; ’301 Patent, col. 10:22-32).

The Term: "parsing remainder data" (’169 Patent, Claim 1)

• Context and Importance: This step defines what happens to the data that is not extracted into the secure vault. The plaintiff's infringement theory requires that leaving data in the production environment constitutes "parsing" and "storing" it. If "parsing" is construed to require an active processing step, the infringement argument may be weakened.
• Intrinsic Evidence for Interpretation:
  • Evidence for a Broader Interpretation: The claim language itself does not specify how the parsing must occur. The specification states that after extraction, "Remainder data is stored in the distributed computer system" (’169 Patent, col. 4:10-11), which could be interpreted broadly to mean it is simply left where it is.
  • Evidence for a Narrower Interpretation: The common technical meaning of "parsing" implies analyzing a string of symbols or data into its constituent parts to understand its syntactic structure. The term appears throughout the specification in contexts that suggest active processing, not passive non-selection. For example, the patent discusses parsing plaintext to separate out credit card numbers or other sensitive items, which is a more active process than simply backing up a whole dataset. (’169 Patent, col. 46:1-6).

VI. Other Allegations

• Indirect Infringement: The complaint does not plead separate counts for indirect infringement. The allegations are focused on direct infringement by Defendant as the owner and operator of the accused systems (Compl. ¶¶95, 98, 129).
• Willful Infringement: The complaint alleges that Defendant has been on actual notice of the asserted patents since receiving the complaint (Compl. ¶226). It further alleges willful blindness based on an asserted "policy or practice of not reviewing the patents of others," which, if proven, could support a finding of post-suit willful infringement (Compl. ¶227).

VII. Analyst’s Conclusion: Key Questions for the Case

• A core issue will be one of definitional scope: can patent claims from 2007, which describe a granular, content-aware system of "filters" for "extracting" sensitive data and "parsing" remainder data, be construed to cover modern disaster recovery systems that use "policies" to create complete, air-gapped copies of entire critical datasets? The outcome may depend on whether the court views the accused systems as merely a modern implementation of the patented method or as a fundamentally different technological approach to data protection.
• A key evidentiary question will be one of functional operation: does the accused Sheltered Harbor system, in practice, perform the specific, multi-step processes recited in the claims? For example, what evidence will show that the accused system actively "parses" remainder data, or that its selection policies perform the "contextual and taxonomic" analysis described in the patents, as opposed to simply identifying and copying designated virtual machines or data repositories in their entirety?
• Another central question will be one of non-obviousness in hindsight: Plaintiff preemptively argues that the financial industry's multi-year effort to develop the Sheltered Harbor standard, long after the patents' priority date, is strong evidence that the inventions were not obvious. The court will have to weigh this narrative against the technical prior art to determine if the claimed combinations of filtering, extracting, and storing data in distributed systems were truly unconventional at the time of invention.