DCT
2:24-cv-00311
DigitalDoors Inc v. Cadence Bank
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: DigitalDoors, Inc. (Florida)
- Defendant: Cadence Bank (Mississippi)
- Plaintiff’s Counsel: Garteiser Honea, PLLC
- Case Identification: 2:24-cv-00311, E.D. Tex., 05/02/2024
- Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas because Defendant maintains physical branch locations, employs residents, generates substantial revenue, and targets customers within the district.
- Core Dispute: Plaintiff alleges that Defendant’s data backup and disaster recovery systems, particularly those compliant with the "Sheltered Harbor" financial industry standard, infringe four patents related to secure, granular data processing and storage.
- Technical Context: The technology concerns methods for identifying, extracting, and securely storing sensitive data subsets from larger data streams in distributed computing environments to ensure data survivability and disaster recovery.
- Key Procedural History: The complaint frames the patents as a pioneering solution to data security challenges that the financial industry only began to address years later with the development of the Sheltered Harbor standard in 2015, an effort Plaintiff presents as evidence of its inventions' non-obviousness.
Case Timeline
| Date | Event |
|---|---|
| 2007-01-05 | Priority Date for ’301, ’169, ’073, and ’639 Patents |
| 2015-01-01 | Sheltered Harbor initiative launched (approximate date) |
| 2015-04-21 | U.S. Patent No. 9,015,301 Issued |
| 2017-08-15 | U.S. Patent No. 9,734,169 Issued |
| 2019-01-15 | U.S. Patent No. 10,182,073 Issued |
| 2019-04-02 | U.S. Patent No. 10,250,639 Issued |
| 2024-05-02 | Complaint Filed |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 9,015,301 - Information Infrastructure Management Tools with Extractor, Secure Storage, Content Analysis and Classification and Method Therefor
The Invention Explained
- Problem Addressed: The patent describes challenges in managing and securing sensitive information within large, distributed enterprise systems, particularly the difficulty of handling unstructured data, classifying data sensitivity efficiently, and protecting against numerous access points in open ecosystems (Compl. ¶28; ’301 Patent, col. 1:31-2:27).
- The Patented Solution: The invention proposes a method of shifting from managing data at the file level to managing it at the content level (Compl. ¶28; ’301 Patent, col. 9:46-58). It uses a system of designated "categorical filters" (e.g., content-based, contextual, taxonomic) to identify and extract specific "select content" from a data stream. This extracted content is stored in corresponding data stores, and specific data processes (like copying, archiving, or destruction) are associated with the activated filters to manage the data lifecycle (Compl. ¶¶105, 116; ’301 Patent, col. 3:1-4:26).
- Technical Importance: This approach provided a more granular method for data security and management, allowing enterprises to apply specific policies to subsets of data based on content rather than applying uniform rules to entire files or systems (Compl. ¶¶30-31).
Key Claims at a Glance
- The complaint asserts infringement of at least independent method Claim 25 (’301 Patent, col. 132:26-134:2).
- Claim 25 includes the following essential elements:
- Providing a plurality of select content data stores operative with a plurality of designated categorical filters.
- Activating at least one of the filters and processing a data input through it to obtain select content and associated select content.
- Storing the aggregated select content in a corresponding data store.
- Associating at least one data process (from a group including copy, extract, archive, distribution, and destruction) with the activated filter.
- Applying the associated data process to a further data input based on the result of that further data being processed by the filter.
- Wherein the filter activation is automatic or manual, and the automatic activation is time-based, condition-based, or event-based.
- The complaint does not explicitly reserve the right to assert other claims.
U.S. Patent No. 9,734,169 - Digital Information Infrastructure and Method for Security Designated Data and with Granular Data Stores
The Invention Explained
- Problem Addressed: The patent addresses the need for secure data management in a "distributed cloud-based computing system," where sensitive data must be protected and segregated from less sensitive "remainder" data (Compl. ¶131; ’169 Patent, Abstract).
- The Patented Solution: The invention describes a method for organizing and processing data in a cloud-based system. The system provides separate stores for "security designated data" (select content) and "granular data" (remainder data), along with a cloud-based server. The method involves extracting the security-designated data and storing it in its dedicated, access-controlled stores. The remaining data is parsed and stored separately in granular data stores. Access to the sensitive data is permitted only through the application of specified access controls, while the full dataset can be reconstituted by withdrawing and combining data from both types of stores (Compl. ¶¶137, 152, 158; ’169 Patent, Abstract).
- Technical Importance: This architecture provides a layered security model for cloud environments, separating critical data into highly secured stores while maintaining the availability of the less sensitive bulk of the data, thereby enhancing both security and system efficiency (Compl. ¶37).
Key Claims at a Glance
- The complaint asserts infringement of at least independent method Claim 1 (’169 Patent, col. 132:13-132:51).
- Claim 1 includes the following essential elements:
- Providing a system with (i) select content data stores, (ii) granular data stores, and (iii) a cloud-based server, with access controls at each select content data store.
- Providing a communications network coupling the stores and server.
- Extracting and storing security-designated data in the select content data stores.
- Activating a select content data store to permit access based on applying access controls.
- Parsing remainder data not extracted and storing it in the granular data stores.
- Withdrawing security-designated data and parsed data from their respective stores only in the presence of the access controls.
- The complaint does not explicitly reserve the right to assert other claims.
U.S. Patent No. 10,182,073 - Information Infrastructure Management Tools with Variable and Reconfigurable Filters and Segmental Data Stores
- Technology Synopsis: This patent focuses on creating a data processing infrastructure that uses a plurality of filters to identify sensitive and select content. A key aspect is the ability to dynamically alter these filters—by expanding, contracting, or changing their classification—and then generate modified filters to organize subsequent data throughput (Compl. ¶¶167, 182; ’073 Patent, Abstract).
- Asserted Claims: At least independent method Claim 1 is asserted (Compl. ¶166).
- Accused Features: The accused features are the aspects of Defendant's systems that allow for the creation and modification of "protection policies" which define, run, and monitor data replication and storage operations (Compl. ¶¶182-183, 185-186).
U.S. Patent No. 10,250,639
- Technology Synopsis: This patent details a method for "sanitizing" data by processing it through a system with a plurality of data stores for different sensitivity levels. The method involves extracting sensitive content corresponding to a specific sensitivity level, storing it in a secure extract store, and then extracting other "select content" from the remaining data. The process results in a "sanitized" version of the data, and the system can use various filters (content, contextual, taxonomic) to "inference" the sanitized data (Compl. ¶¶194, 218; ’639 Patent, Abstract).
- Asserted Claims: At least independent method Claim 16 is asserted (Compl. ¶193).
- Accused Features: The accused features are the Defendant's systems that extract critical account data, store it in a secure vault, and leave non-extracted data in production systems, thereby creating what is alleged to be a "sanitized" version of the data (Compl. ¶¶212, 215).
III. The Accused Instrumentality
Product Identification
- The "Accused Instrumentalities" are identified as the systems and methods used by Cadence Bank for processing and backing up data in a distributed system, which are alleged to be compliant with the "Sheltered Harbor" specification or to provide "substantially equivalent functionality" (Compl. ¶96). The complaint uses the Dell PowerProtect Cyber Recovery solution as an exemplary, non-limiting embodiment of the accused technology (Compl. ¶¶72, 79).
Functionality and Market Context
- The complaint alleges the accused systems perform critical data backup and disaster recovery for customer financial data (Compl. ¶96). Their core functionality, as described by the Sheltered Harbor standard, is to extract critical customer account data daily, convert it to a standard format, and store it in an isolated, immutable, and encrypted "data vault" (Compl. ¶¶70, 76, 77). This vault is "air-gapped" from production networks to protect against cyberattacks (Compl. ¶77). A diagram from a Dell Solution Brief illustrates this architecture, showing a "Production Environment" where data is extracted and a separate "Data Vault Environment" where data is replicated and locked (Compl. p. 32). This process is designed to ensure that if a financial institution's primary systems fail, it can restore customer account access from the secure vault (Compl. ¶71). The complaint emphasizes that participation in Sheltered Harbor is an industry standard for financial institutions to ensure operational resilience and public confidence (Compl. ¶¶63, 95).
IV. Analysis of Infringement Allegations
U.S. Patent No. 9,015,301 Infringement Allegations
| Claim Element (from Independent Claim 25) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| a method of organizing and processing data in a distributed computing system having select content important to an enterprise ... represented by ... words, characters, images, data elements or data objects | The accused systems manage and protect critical customer financial account data for the Defendant enterprise. | ¶100, ¶102 | col. 128:5-10 |
| providing, in said distributed computing system, a plurality of select content data stores operative with a plurality of designated categorical filters | The accused systems provide a "data vault" containing multiple data stores (e.g., for backup, copy, lock, and analysis) that are operative with "protection policies" which act as categorical filters. | ¶105-107 | col. 128:11-15 |
| activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content | The accused systems activate protection policies (filters) to extract critical financial account information (select content) from the enterprise's data streams. | ¶109-110 | col. 128:16-21 |
| storing said aggregated select content for said at least one categorical filter in said corresponding select content data store | The extracted critical account data is stored in designated storage units within the secure data vault. | ¶113-114 | col. 128:22-25 |
| associating at least one data process from the group of data processes including a copy process, a data extract process, a data archive process, a data distribution process and a data destruction process | The accused systems associate data processes such as copying and archiving data to the vault with the select content identified by the protection policies. | ¶116-117 | col. 128:34-40 |
| applying the associated data process to a further data input based upon a result of said further data being processed by said activated categorical filter | Once a protection policy is established, all subsequent data inputs (e.g., daily customer data) are automatically processed in the same way (e.g., copied to the vault nightly). | ¶119, ¶121 | col. 128:41-45 |
- Identified Points of Contention:
- Scope Questions: A central question may be whether the "protection policies" and "protection rules" described in relation to the Sheltered Harbor systems (Compl. ¶88, ¶110) meet the definition of "categorical filters" as used in the patent. The defense may argue that the patent contemplates more specific types of filters (e.g., taxonomic, contextual) than the general rules used for backup, while the plaintiff will likely argue for a broader interpretation.
- Technical Questions: The analysis may focus on whether the accused systems truly "associate" a data process with a filter. The complaint suggests that establishing a backup policy (the filter) that directs data to a storage vault (the process) satisfies this element (Compl. ¶117). A counterargument could be that this describes a simple data routing instruction, not the active "association" of distinct processes as claimed.
U.S. Patent No. 9,734,169 Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| a method of organizing and processing data in a distributed cloud-based computing system | The accused systems manage financial data and are optionally implemented on cloud platforms such as AWS, Azure, or Google Cloud. | ¶131, ¶133 | col. 132:14-16 |
| providing ... (i) a plurality of select content data stores ...; and (ii) a plurality of granular data stores; and (iii) a cloud-based server | The accused systems provide a secure "data vault" (select content stores) that is isolated from production and backup systems ("granular data stores"). | ¶137-140 | col. 132:17-25 |
| extracting and storing said security designated data in respective select content data stores | Critical financial account data is extracted from production systems and stored in the secure, air-gapped data vault. A diagram from Dell illustrates this separation (Compl. p. 71). | ¶144-145 | col. 132:30-33 |
| activating at least one of said select content data stores ... thereby permitting access to said select content data stores ... based upon an application of one or more of said access controls | Access to the data vault is strictly controlled and requires security measures like multi-factor authentication. | ¶149-150 | col. 132:34-39 |
| parsing remainder data not extracted from data processed ... and storing the parsed data in respective granular data stores | Data not extracted for the vault remains in production and backup systems, which are alleged to be the "granular data stores." A Dell diagram highlights the production-side "Data Center" and "DR Site" as distinct from the vault (Compl. p. 78). | ¶152-153 | col. 132:40-43 |
| withdrawing some or all of said security designated data and said parsed data from said respective data stores only in the presence of said respective access controls applied thereto | Data is withdrawn from the vault for restoration only after strict security and access controls are satisfied. | ¶158-159 | col. 132:44-48 |
- Identified Points of Contention:
- Scope Questions: The definition of "cloud-based computing system" will likely be a key dispute. The complaint asserts this is met because the exemplary Dell system can be deployed on public clouds (Compl. ¶133). However, if Defendant's implementation is primarily on-premises, it raises the question of whether that architecture falls within the claim's scope.
- Technical Questions: The infringement theory equates the production/backup systems with the claimed "granular data stores" where "remainder data" is kept (Compl. ¶152). A potential point of contention is whether simply leaving non-critical data in its original location constitutes the affirmative step of "parsing remainder data...and storing the parsed data" as required by the claim.
V. Key Claim Terms for Construction
The Term: "categorical filters" (from ’301 Patent, Claim 25)
Context and Importance: This term is foundational to the infringement theory against the ’301 Patent. Plaintiff's case appears to depend on construing this term broadly enough to read on the "protection policies" and rules-based systems used in Sheltered Harbor-compliant architectures (Compl. ¶¶87-88). The outcome of this construction could determine whether a standard, albeit secure, backup policy can be considered an infringing "filter."
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The patent states that "designated categorical filters are used to store select content relative to the category in certain SC stores" and that these can be enterprise policies like "customer privacy policy" or "financial data handling policy" (’301 Patent, col. 12:56-66), which may support reading the term on general policy-based rules.
- Evidence for a Narrower Interpretation: The specification repeatedly refers to specific types of filters, such as "content-based filters, contextual filters and taxonomic filters," and describes them as distinct components (e.g., modules 20, 21, 22 in FIG. 1a) (’301 Patent, col. 4:8-9; col. 11:15-24). This language may support an argument that "categorical filters" requires more than a simple data routing rule and must involve content analysis.
The Term: "distributed cloud-based computing system" (from ’169 Patent, Claim 1)
Context and Importance: This term defines the environment in which the claimed method of the ’169 Patent operates. The complaint alleges infringement by systems that may be deployed on-premises, in a hybrid environment, or on public cloud infrastructure (Compl. ¶93, ¶133). The viability of the infringement claim may depend on whether Defendant's specific architecture, which might not be fully cloud-native, qualifies as a "cloud-based" system.
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The patent does not appear to provide an explicit definition of "cloud-based." The complaint's reliance on systems that are "optionally implemented on Amazon Web Services Cloud, Google Cloud," etc., suggests an argument that compatibility with or partial use of cloud services is sufficient (Compl. ¶133).
- Evidence for a Narrower Interpretation: The term is not used in the specification of the parent ’301 patent, suggesting its addition was intended to be limiting. The defense may argue that the term, in the context of the patent's filing date, implies a specific architecture (e.g., multi-tenant, elastic infrastructure) that a dedicated, on-premises disaster recovery system does not possess.
VI. Other Allegations
- Indirect Infringement: The complaint does not contain specific allegations of induced or contributory infringement. All counts focus on direct infringement by the Defendant in making, using, and controlling the accused systems (Compl. ¶¶99, 130, 166, 193).
- Willful Infringement: Willfulness is alleged based on Defendant’s continued infringement after receiving notice of the patents via the filing and service of the complaint (Compl. ¶¶126, 162, 189, 224). The complaint also includes a separate count (Count V) alleging that Defendant has a policy or practice of not reviewing patents of others and is therefore "willfully blind to the patent rights of Plaintiff" (Compl. ¶228).
VII. Analyst’s Conclusion: Key Questions for the Case
This case appears to center on whether the patented methods, which describe granular, content-aware data management, can be read to cover the architecture and operation of modern, industry-standard financial data vaulting systems. The central questions for the court will likely be:
- A core issue will be one of definitional scope: Do the industry-standard "data vaults" and "protection policies" of the Sheltered Harbor framework constitute the "plurality of select content data stores" and "categorical filters" recited in the patent claims, or do the patents describe a more specific, technologically distinct system of content analysis and filtering?
- A key question will be one of technical equivalence: Does the accused practice of isolating "critical" data in a secure vault while leaving "non-critical" data in production systems perform the same steps as the claimed methods, which recite affirmatively "parsing remainder data" and "storing" it, and "associating" specific data processes with filters?
- A pivotal issue for several claims will be one of environmental scope: Do the accused disaster recovery systems, which may be implemented on-premises or in hybrid environments, qualify as a "distributed cloud-based computing system" as that term is used in the ’169 Patent?