DCT
2:24-cv-00310
DigitalDoors Inc v. Wells Fargo Bank NA
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: DigitalDoors, Inc. (Florida)
- Defendant: Wells Fargo Bank, N.A. (California)
- Plaintiff’s Counsel: Garteiser Honea, PLLC
- Case Identification: 2:24-cv-00310, E.D. Tex., 05/02/2024
- Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas because Defendant maintains a regular and established business presence in the district, including physical branch locations, employees, and specifically targets customers within the district.
- Core Dispute: Plaintiff alleges that Defendant’s data backup and disaster recovery systems, particularly those compliant with the financial industry's "Sheltered Harbor" specification, infringe four patents related to methods for securely extracting, filtering, storing, and managing granular data in a distributed computing environment.
- Technical Context: The technology addresses secure data management and disaster recovery, focusing on isolating and protecting critical data subsets (like customer account information) from larger data streams, a function of high importance in the financial services sector.
- Key Procedural History: The complaint alleges the patents' priority date predates the financial industry's development of the accused "Sheltered Harbor" standards, which began in 2015. It also alleges that Defendant had pre-suit knowledge of the patents due to their citation during the prosecution of Defendant's own patent applications.
Case Timeline
| Date | Event |
|---|---|
| 2007-01-05 | Earliest Priority Date for all Patents-in-Suit (’301, ’169, ’073, ’639) |
| 2015 | Sheltered Harbor industry initiative launched |
| 2015-04-21 | U.S. Patent No. 9,015,301 Issued |
| 2017-08-15 | U.S. Patent No. 9,734,169 Issued |
| 2019-01-15 | U.S. Patent No. 10,182,073 Issued |
| 2019-04-02 | U.S. Patent No. 10,250,639 Issued |
| 2024-05-02 | Complaint Filing Date |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 9,015,301 - "Information Infrastructure Management Tools With Extractor, Secure Storage, Content Analysis and Classification and Method Therefor"
The Invention Explained
- Problem Addressed: The patent's background describes several problems with conventional data management, including the difficulty of managing unstructured data, the inefficiency of classifying sensitive data, the vulnerability of open enterprise systems, and the inability to address the changing sensitivity value of information over its lifecycle (’301 Patent, col. 1:31-2:61).
- The Patented Solution: The invention proposes a method and system for organizing data in a distributed computing system by using "categorical filters" to identify and extract important "select content" from a larger data stream. This extracted content is stored in corresponding data stores, and specific data processes (e.g., copy, archive, distribution, destruction) are associated with the activated filters. These processes can then be applied automatically to subsequent data inputs that match the filter criteria (’301 Patent, Abstract; col. 3:17-4:35).
- Technical Importance: This approach represented a shift from managing entire data files to managing granular data content, which could provide enhanced security and more flexible data management for applications like disaster recovery (Compl. ¶28; ’301 Patent, col. 9:46-58).
Key Claims at a Glance
- The complaint asserts at least independent Claim 25 (Compl. ¶99).
- Essential elements of Claim 25 include:
- A method of organizing and processing data in a distributed computing system having select content important to an enterprise.
- Providing a plurality of select content data stores operative with a plurality of designated categorical filters.
- Activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content and associated select content, which is at least one of contextually or taxonomically associated.
- Storing said aggregated select content for said at least one categorical filter in a corresponding select content data store.
- Associating at least one data process (from a group including copy, extract, archive, distribution, and destruction) with the activated filter.
- Applying the associated data process to a further data input based upon the result of said further data being processed by said activated filter.
- Wherein activating a designated categorical filter includes an automatic activation or a manual activation, and said automatic activation is time-based, condition-based, or event-based.
- The complaint does not explicitly reserve the right to assert dependent claims for this patent.
U.S. Patent No. 9,734,169 - "Digital Information Infrastructure and Method for Security Designated Data and With Granular Data Stores"
The Invention Explained
- Problem Addressed: The patent addresses the need to securely manage and segregate sensitive data within a distributed or cloud-based computing environment, where different types of data require different levels of protection and access control (’169 Patent, col. 1:28-2:67).
- The Patented Solution: The invention describes a distributed, cloud-based system with a plurality of data stores for "security designated data" (i.e., sensitive content) and separate "granular data stores" for the remaining data. A cloud-based server manages the system, extracting and storing the sensitive data in its designated, access-controlled stores while parsing and storing the "remainder data" elsewhere. The system is designed so that data can only be withdrawn from the secure stores when specific access controls are satisfied (’169 Patent, Abstract; col. 3:28-4:1).
- Technical Importance: This architecture provides a technical framework for isolating critical data in secure, segregated storage (a "vault") while maintaining the rest of the data in a separate environment, a key concept for modern cybersecurity and data resilience strategies.
Key Claims at a Glance
- The complaint asserts at least independent Claim 1 (Compl. ¶130).
- Essential elements of Claim 1 include:
- A method of organizing and processing data in a distributed cloud-based computing system.
- Providing: (i) a plurality of select content data stores for security designated data; (ii) a plurality of granular data stores; and (iii) a cloud-based server, with each select content data store having access controls.
- Providing a communications network coupling the stores and server.
- Extracting and storing said security designated data in respective select content data stores.
- Activating at least one of said select content data stores to permit access based on applying one or more access controls.
- Parsing remainder data not extracted and storing the parsed data in respective granular data stores.
- Withdrawing some or all of said security designated data and said parsed data from said data stores only in the presence of said respective access controls.
- The complaint does not explicitly reserve the right to assert dependent claims for this patent.
U.S. Patent No. 10,182,073 - "Information Infrastructure Management Tools with Variable and Configurable Filters and Segmental Data Stores"
- Technology Synopsis: This patent describes an information infrastructure that processes data using a plurality of filters. The key inventive concept appears to be the ability to dynamically alter these initially configured filters by expanding, contracting, or reclassifying the definitions of sensitive and select content, thereby allowing the system to adapt its data processing rules over time (’073 Patent, Abstract; Claim 1).
- Asserted Claims: At least Claim 1 (Compl. ¶166).
- Accused Features: The complaint alleges that the accused systems, which use "protection policies" to identify and extract critical data, infringe by allowing an enterprise to create and modify these policies, which in turn alters how data is filtered and organized (Compl. ¶¶182-183, 186).
U.S. Patent No. 10,250,639 - "Information Infrastructure Management Data Processing Tools for Processing Data Flow with Distribution Controls"
- Technology Synopsis: This patent focuses on a method for "sanitizing" data in a distributed system. The process involves extracting sensitive content from a data input based on sensitivity levels and security clearances, storing that extracted data in secure stores, and separately storing the "remainder data." The invention also describes "inferencing" the sanitized data using content, contextual, and taxonomic filters (’639 Patent, Abstract; Claim 16).
- Asserted Claims: At least Claim 16 (Compl. ¶193).
- Accused Features: The complaint alleges that the Sheltered Harbor process of extracting critical account data for storage in a secure vault, thereby separating it from non-critical data, constitutes the claimed "sanitizing" process. The use of filters to identify the critical data is alleged to be the claimed "inferencing" step (Compl. ¶¶215, 218).
III. The Accused Instrumentality
Product Identification
- The "Accused Instrumentalities" are identified as the data backup and disaster recovery systems and methods owned, operated, or controlled by Wells Fargo Bank, N.A. (Compl. ¶96). The complaint frames the accused systems as those that are either certified as compliant with the "Sheltered Harbor" specification or provide "substantially equivalent functionality" (Compl. ¶96). Exemplary third-party technologies mentioned as satisfying the Sheltered Harbor standard include the Dell PowerProtect Cyber Recovery solution (Compl. ¶72).
Functionality and Market Context
- The accused systems are alleged to perform secure data vaulting for disaster recovery. Their core function involves creating "extremely secure (and segmented) backups of financial data" (Compl. ¶70). This is allegedly achieved by extracting critical financial information from production accounts, converting it to a standard format, and storing it in a secure, isolated "data vault" (Compl. ¶¶70-71). This vault is described as immutable, air-gapped, and survivable, meaning it is unchangeable and isolated from production and backup networks to protect it from being compromised (Compl. ¶77). The complaint provides a diagram from a Dell solution brief illustrating this architecture, showing a "Production Environment" connected via a "Secure Replication" link across an "Air-gap" to a "Data Vault Environment" (Compl. ¶73).
- The complaint positions these systems as critical infrastructure for the financial services industry, designed to "protect public confidence in the U.S. financial system" after a catastrophic cyberattack (Compl. ¶66).
IV. Analysis of Infringement Allegations
9,015,301 Patent Infringement Allegations
| Claim Element (from Independent Claim 25) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| A method of organizing and processing data in a distributed computing system having select content important to an enterprise... | The accused systems organize and process customer financial account data, which is content important to the enterprise, Wells Fargo (WFB). | ¶100, ¶102 | col. 3:17-21 |
| providing, in said distributed computing system, a plurality of select content data stores operative with a plurality of designated categorical filters... | The accused systems provide a "data vault" containing multiple data stores (e.g., for backup, copy, lock, and analysis) that are operative with "protection policies" which act as categorical filters. A diagram shows multiple data stores in the Cyber Recovery Vault (Compl. ¶106). | ¶105-¶107 | col. 3:25-33 |
| activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content and associated select content... | WFB activates "protection policies" (filters) to process its data and extract "critical financial account information" (select content). This extracted information is contextually or taxonomically associated. | ¶109-¶111 | col. 3:34-39 |
| storing said aggregated select content for said at least one categorical filter in said corresponding select content data store; | The extracted critical account data is aggregated and stored in the secure data vault, which corresponds to the active protection policy. | ¶113-¶114 | col. 3:40-43 |
| for said activated categorical filter, associating at least one data process from the group of data processes including a copy process, a data extract process, a data archive process... | The activated "protection policies" associate data processes such as copying, archiving, and extracting data to the secure vault in accordance with Sheltered Harbor requirements. | ¶116-¶117 | col. 3:44-50 |
| applying the associated data process to a further data input based upon a result of said further data being processed by said activated categorical filter... | Once a protection policy is established, subsequent data inputs (e.g., nightly backups) are processed in the same way under the same policy. | ¶119, ¶121 | col. 3:51-55 |
| wherein said activating a designated categorical filter encompasses an automatic activation...and said automatic activation is time-based, distributed computer system condition-based, or event-based. | The filtering and backup process is alleged to run automatically at a designated time interval (e.g., nightly), upon a designated condition (detection of new data), or manually ("on demand"). | ¶122, ¶124 | col. 3:56-61 |
- Identified Points of Contention:
- Scope Questions: A central question may be whether the "protection policies" described in Sheltered Harbor-compliant systems (Compl. ¶107) meet the definition of "categorical filters" as used in the patent. The defense may argue that "categorical filters" require a specific type of taxonomic or semantic analysis not present in the accused systems.
- Technical Questions: The complaint alleges that activating a filter is associated with processes like "copy," "extract," and "archive" (Compl. ¶117). A factual question will be whether the accused systems technically perform this "association" in the manner claimed, or if the backup/copy process is a monolithic function not distinctly "associated" with the filtering step.
9,734,169 Patent Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| A method of organizing and processing data in a distributed cloud-based computing system... | The accused systems are alleged to be optionally implemented on cloud platforms like AWS, Azure, and Google Cloud, and they organize and process financial data. | ¶131, ¶133 | col. 132:13-17 |
| providing... (i) a plurality of select content data stores for respective ones of a plurality of security designated data... and (iii) a cloud-based server, each select content data store having respective access controls thereat. | The system provides a secure data vault (containing select content data stores) for critical financial data (security designated data), which is managed by servers and protected by strict access controls like multi-factor authentication. | ¶137-¶139, ¶150 | col. 132:18-24 |
| providing... (ii) a plurality of granular data stores; | The system's production environment, which includes "production and backup workloads," is alleged to constitute the "granular data stores" where non-extracted data is stored. A diagram showing these workloads is provided (Compl. ¶153). | ¶137, ¶140, ¶153 | col. 132:20 |
| extracting and storing said security designated data in respective select content data stores. | The system extracts critical financial data from the production environment and stores it in the secure data vault. | ¶144-¶145 | col. 132:27-29 |
| activating at least one of said select content data stores...thereby permitting access to said select content data stores and respective security designated data based upon an application of one or more of said access controls... | Access to the data vault and the critical data within is permitted only upon satisfaction of strict security measures, such as credentialed access and multi-factor authentication. | ¶149-¶150 | col. 132:30-34 |
| parsing remainder data not extracted... and storing the parsed data in respective granular data stores. | Data that is not extracted and sent to the vault remains in the production and backup systems (the alleged granular data stores). | ¶152-¶153 | col. 132:35-38 |
| withdrawing some or all of said security designated data... from said respective data stores only in the presence of said respective access controls applied thereto. | Data is withdrawn from the secure vault to a "restoration platform" only after passing strict security and access controls. | ¶158-¶159 | col. 132:39-42 |
- Identified Points of Contention:
- Scope Questions: Does leaving data in a production environment while copying a subset to a vault constitute "parsing remainder data... and storing the parsed data in respective granular data stores"? The defense may argue this claim language requires an active process of separating a data stream into two new sets of stored data, not just copying one part and leaving the original intact.
- Technical Questions: The infringement theory hinges on the accused systems being "cloud-based" (Compl. ¶131). A factual dispute may arise over the actual architecture of WFB's systems—whether they are on-premises, private cloud, public cloud, or a hybrid—and whether that architecture falls within the scope of a "distributed cloud-based computing system" as understood in the patent.
V. Key Claim Terms for Construction
The Term: "categorical filters" (from the ’301 Patent)
Context and Importance: This term is the core mechanism for identifying the "select content" to be protected. The viability of the infringement allegation for the ’301 Patent depends on whether the accused "protection policies" (Compl. ¶107) fall within the scope of this term. Practitioners may focus on this term because its construction will determine whether simple rule-based data selection infringes, or if a more complex classification is required.
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The patent states the system may include "content-based filters, contextual filters and taxonomic classification filters" (’301 Patent, col. 13:35-37), suggesting the term is a genus encompassing various filter types. The summary describes "enterprise designated categorical filters which include content-based filters, contextual filters and taxonomic classification filters" (’301 Patent, col. 3:30-33).
- Evidence for a Narrower Interpretation: The specification provides detailed examples of building a "hierarchical taxonomic system" and using a "Knowledge Expander (KE) search engine" to create classifications (’301 Patent, col. 10:22-32). The defense may argue these specific embodiments limit the term to filters that perform semantic or taxonomic analysis, rather than simple keyword or folder-based rules.
The Term: "distributed cloud-based computing system" (from the ’169 Patent)
Context and Importance: This term defines the environment of the invention in Claim 1 of the ’169 Patent. The dispute may turn on whether WFB's actual infrastructure, which may be a mix of on-premises data centers and private/public cloud services, qualifies as "cloud-based."
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The patent does not explicitly define "cloud-based." A broad interpretation could encompass any distributed system where resources are virtualized and delivered over a network, which could include modern on-premises or private cloud architectures.
- Evidence for a Narrower Interpretation: The complaint itself points to public cloud services like "Amazon Web Services Cloud, Google Cloud, IBM Enterprise Cloud...Microsoft Cloud (Azure)" as examples of where the accused systems are implemented (Compl. ¶133). The defense could use this to argue that the term, in the context of the case, implies reliance on third-party, multi-tenant public cloud infrastructure, potentially excluding a private, on-premises data vault.
VI. Other Allegations
- Willful Infringement: The complaint alleges that any infringement continuing after Defendant received notice of the patents is necessarily willful and deliberate (Compl. ¶¶126, 162, 189, 224). It further alleges that Defendant has been on actual notice of the patents since at least September 30, 2014, based on patent prosecution arguments made by Defendant for its own patents that cited the patents-in-suit. The complaint also alleges a policy or practice of "willfully blind[ing]" itself to the patent rights of others (Compl. ¶¶227-228).
VII. Analyst’s Conclusion: Key Questions for the Case
- A core issue will be one of technical and definitional mapping: can the specific architecture of the financial industry's "Sheltered Harbor" standard—which relies on an "air-gapped" secure vault separate from production systems—be mapped onto the claim language of the asserted patents? This will require resolving whether concepts like "categorical filters" and "parsing remainder data" read on the functions of setting backup policies and leaving non-critical data in place on production servers.
- A second key question will be the nature of the accused system: does the infringement theory for the ’169 Patent require a "cloud-based" architecture in the public cloud sense, and if so, what is the actual nature of Defendant's implementation? The outcome may depend on whether WFB's potentially private, on-premises data vault infrastructure falls within the patent's scope.
- A critical question for damages will be knowledge and willfulness: does the citation of a patent during the prosecution of a defendant’s own, unrelated patent application suffice to establish pre-suit knowledge or willful blindness? The court’s treatment of this allegation could significantly impact potential damages if infringement is found.