DCT
2:24-cv-00312
DigitalDoors Inc v. Cathay Bank
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: DigitalDoors, Inc. (Florida)
- Defendant: Cathay Bank (California)
- Plaintiff’s Counsel: Garteiser Honea, PLLC
- Case Identification: 2:24-cv-00312, E.D. Tex., 05/02/2024
- Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas because Defendant maintains a regular and established business presence in the district, including physical branch locations and employees, and targets customers within the district.
- Core Dispute: Plaintiff alleges that Defendant’s data backup and disaster recovery systems, which are allegedly compliant with the financial industry's "Sheltered Harbor" standard, infringe four patents related to methods for securely filtering, extracting, and storing sensitive data in a distributed computing environment.
- Technical Context: The technology relates to data security and disaster recovery, a critical function in the financial services sector where maintaining data integrity and availability in the face of cyberattacks is a major operational and regulatory concern.
- Key Procedural History: The complaint asserts that the inventions were developed to address data security and survivability challenges first identified in a military context. It also notes that the patents-in-suit have been cited as relevant prior art in hundreds of subsequent patent applications by major technology and financial companies, which may be presented as evidence of the patents' significance.
Case Timeline
| Date | Event |
|---|---|
| 2007-01-05 | Earliest Priority Date for all Patents-in-Suit |
| 2015-04-21 | U.S. Patent No. **9,015,301** Issued |
| 2015-XX-XX | Sheltered Harbor Initiative Launched |
| 2017-08-15 | U.S. Patent No. **9,734,169** Issued |
| 2019-01-15 | U.S. Patent No. **10,182,073** Issued |
| 2019-04-02 | U.S. Patent No. **10,250,639** Issued |
| 2024-05-02 | Complaint Filed |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 9,015,301 - "Information Infrastructure Management Tools With Extractor, Secure Storage, Content Analysis And Classification And Method Therefor"
The Invention Explained
- Problem Addressed: At the time of the invention, enterprises struggled to manage and secure both structured and unstructured data, classify sensitive information efficiently, and protect "open ecosystems" from vulnerabilities at numerous access points ('301 Patent, col. 1:31-2:27). Existing systems lacked the ability to manage the changing sensitivity of information over its lifecycle ('301 Patent, col. 2:28-61).
- The Patented Solution: The patent describes a method for organizing data by using "categorical filters" to identify and extract important "select content" from a data stream. This extracted content is then stored in designated data stores, separate from the remainder of the data. The system associates specific data processes—such as copying, archiving, or destruction—with the filtered content, allowing for granular control over sensitive information within a distributed computing system ('301 Patent, Abstract; col. 3:17-4:35).
- Technical Importance: The invention represented a shift from file-level security to content-level security, providing a more granular and flexible architecture for protecting sensitive information distributed across a network (Compl. ¶27).
Key Claims at a Glance
- The complaint asserts at least independent method claim 25 (Compl. ¶98).
- The essential elements of Claim 25 include:
- Providing, in a distributed computing system, a plurality of select content data stores operative with designated categorical filters.
- Activating at least one filter and processing a data input through it to obtain select content.
- Storing the resulting aggregated select content in a corresponding data store.
- Associating a data process (e.g., copy, extract, archive, distribution, destruction) with the activated filter.
- Applying that associated data process to a further data input based on the results of processing.
- Activating the filter either automatically (based on time, system condition, or event) or manually.
U.S. Patent No. 9,734,169 - "Digital Information Infrastructure and Method for Securing Designated Data and With Granular Data Stores"
The Invention Explained
- Problem Addressed: The patent identifies the security risks inherent in distributed computing systems, where data is often stored and accessed across multiple locations, making it vulnerable to unauthorized access or catastrophic loss ('169 Patent, col. 1:53-2:27).
- The Patented Solution: The invention discloses a method for securing data in a distributed, cloud-based system. It involves providing separate storage locations: "select content data stores" for sensitive, security-designated data and "granular data stores" for the non-sensitive "remainder data." A cloud-based server manages access to these segregated stores, enforcing access controls that permit withdrawal of data only when authorized ('169 Patent, Abstract).
- Technical Importance: This architecture provides enhanced security by physically or logically separating sensitive and non-sensitive data into different storage repositories, each with its own access controls, thereby reducing the attack surface for critical information (Compl. ¶¶131, 136).
Key Claims at a Glance
- The complaint asserts at least independent method claim 1 (Compl. ¶129).
- The essential elements of Claim 1 include:
- Providing a distributed cloud-based system comprising (i) select content data stores, (ii) granular data stores, and (iii) a cloud-based server, with access controls at the select content stores.
- Providing a communications network coupling the stores and the server.
- Extracting and storing security-designated data in the select content data stores.
- Activating a select content data store to permit access based on applying access controls.
- Parsing the remainder data not extracted and storing it in the granular data stores.
- Withdrawing data from any of the stores only when the respective access controls are applied.
U.S. Patent No. 10,182,073 - "Information Infrastructure Management Tools With Variable and Configurable Filters and Segmental Data Stores"
- Technology Synopsis: This patent describes an information infrastructure where data is processed through a plurality of filters to identify and segregate sensitive content. A key aspect of the invention is the ability to dynamically alter these initially configured filters by expanding, contracting, or reclassifying the criteria for sensitive and select content, and then generating modified filters to organize further data throughput ('073 Patent, Abstract; Compl. ¶¶181, 184).
- Asserted Claims: At least Claim 1 (Compl. ¶165).
- Accused Features: The accused systems' use of configurable "protection policies" to identify and vault critical financial data, and the ability for the enterprise to modify these policies, are alleged to infringe the claims related to altering and generating filters (Compl. ¶¶182, 185).
U.S. Patent No. 10,250,639 - "Information Infrastructure Management Data Processing Tools For Data Flow With Distribution Controls"
- Technology Synopsis: This patent details a method for "sanitizing" data by extracting sensitive content based on its sensitivity level and security clearance, and storing it in secure "extract data stores." The remaining data is also stored separately. The invention further claims a step of "inferencing" the sanitized data using content, contextual, and taxonomic filters to obtain further insights from the secured data ('639 Patent, Abstract; Compl. ¶¶202, 217).
- Asserted Claims: At least Claim 16 (Compl. ¶192).
- Accused Features: The accused systems are alleged to perform the claimed sanitization by extracting critical account information into a secure vault. The use of filters and rules within the accused systems to analyze and protect this vaulted data is alleged to constitute the claimed "inferencing" functionality (Compl. ¶¶217, 220).
III. The Accused Instrumentality
Product Identification
The "Accused Instrumentalities" are data backup and disaster recovery systems and methods that Defendant Cathay Bank allegedly makes, owns, operates, or uses. These systems are alleged to be compliant with the "Sheltered Harbor" specification or to provide "substantially equivalent functionality" (Compl. ¶95).
Functionality and Market Context
- The complaint describes the Sheltered Harbor standard as an industry-wide initiative for the U.S. financial sector designed to ensure data resiliency after a major cyberattack by protecting critical customer account information (Compl. ¶62). The core functionality involves extracting critical data, placing it in a standardized format, and storing it in an immutable, encrypted, and isolated "data vault" (Compl. ¶¶69, 72, 76). This vault is "air-gapped," meaning it is disconnected from production and backup networks to prevent compromise (Compl. ¶76). A screenshot from a Dell instructional video shows a user interface for generating reports by selecting various filter options. (Compl. ¶182, p. 94).
- The complaint positions Sheltered Harbor as the industry standard, with near-uniform participation from financial institutions, suggesting that compliance is a commercial and regulatory necessity (Compl. ¶¶65, 94). The Dell PowerProtect Cyber Recovery solution is identified as an exemplary system that is endorsed by and compliant with the Sheltered Harbor standard (Compl. ¶71).
IV. Analysis of Infringement Allegations
'301 Patent Infringement Allegations
| Claim Element (from Independent Claim 25) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| providing, in said distributed computing system, a plurality of select content data stores operative with a plurality of designated categorical filters... | The accused systems provide a "data vault" containing multiple designated storage units for select content, which is derived from "protection policies" that act as categorical filters. | ¶104, ¶106 | col. 13:30-40 |
| activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content... | The systems activate these protection policies to process data and extract critical financial account information (the select content). | ¶108, ¶109 | col. 13:41-48 |
| storing said aggregated select content for said at least one categorical filter in said corresponding select content data store | The extracted critical account data is aggregated and stored in corresponding storage units within the secure data vault. | ¶112, ¶113 | col. 13:49-53 |
| associating at least one data process from the group of data processes including a copy process, a data extract process, a data archive process, a data distribution process and a data destruction process | The system associates data processes such as backup (copying), vaulting (extracting), and archiving with the select content according to enterprise policies. | ¶115, ¶116 | col. 13:54-59 |
| applying the associated data process to a further data input based upon a result of said further data being processed... | Once a protection policy is established, it is automatically applied to all subsequent data inputs (e.g., new data triggering a nightly backup). | ¶118, ¶120 | col. 13:60-65 |
| wherein activating said designated categorical filter encompasses an automatic activation... [that is] time-based, distributed computer system condition-based, or event-based | The data processing and vaulting occurs automatically based on a set time (e.g., nightly), an event (detection of new assets), or a system condition. A diagram shows the Dell system architecture including data extraction and a secure, air-gapped data vault. (Compl. ¶72, p. 32). | ¶121, ¶122 | col. 14:1-12 |
Identified Points of Contention
- Scope Questions: A central question may be whether a "protection policy" within a modern backup system, which primarily governs backup schedules and storage locations, meets the patent's definition of a "designated categorical filter," which is described as involving taxonomic and contextual analysis.
- Technical Questions: The court may need to determine if the accused systems "apply... the data process... based upon a result" of data processing, as the claim requires, or if they simply apply a static policy to all new data without a "result"-based feedback loop.
'169 Patent Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| providing in said distributed cloud-based computing system: (i) a plurality of select content data stores... (ii) a plurality of granular data stores; and (iii) a cloud-based server... | The accused systems allegedly use secure data vaults (select content data stores) and production/backup systems (granular data stores), and are optionally implemented on cloud platforms (e.g., AWS, Azure). | ¶132, ¶136, ¶139 | col. 3:34-40 |
| providing a communications network operatively coupling said plurality of select content data stores and cloud-based server | The production environment is communicatively coupled to the data vault, often through a dedicated, "air-gapped" connection. A Sheltered Harbor diagram illustrates this architecture connecting a "Processing Environment" to an "Air-Gapped Environment." (Compl. ¶131, p. 65). | ¶141, ¶142 | col. 3:41-43 |
| extracting and storing said security designated data in respective select content data stores | The systems extract critical financial account data and store it in the secure data vault. | ¶143, ¶146 | col. 4:1-3 |
| activating at least one of said select content data stores... permitting access... based upon an application of one or more of said access controls thereat | Access to the data vault is protected by strict access controls, such as credentials and multi-factor authentication. | ¶148, ¶149 | col. 3:43-45 |
| parsing remainder data not extracted from data processed... and storing the parsed data in respective granular data stores | Data that is not extracted for the vault (remainder data) is stored in the production and backup systems outside the vault. | ¶151, ¶152 | col. 4:4-6 |
| withdrawing some or all of said security designated data and said parsed data... only in the presence of said respective access controls applied thereto | Data can be withdrawn from the vault for restoration only after satisfying the system's strict access controls. | ¶157, ¶158 | col. 4:10-13 |
Identified Points of Contention
- Scope Questions: The interpretation of "cloud-based computing system" may be a key issue. The defense could argue the term requires third-party cloud infrastructure, which may not be present in an on-premises deployment, while the plaintiff may argue it broadly covers any distributed computing architecture.
- Technical Questions: It may be disputed whether the act of simply not selecting certain data for inclusion in a secure vault constitutes the affirmative steps of "parsing remainder data" and "storing the parsed data" as required by the claim.
V. Key Claim Terms for Construction
The Term: "categorical filter" (from '301 Patent)
- Context and Importance: This term is foundational to the infringement theory for the '301 Patent. Plaintiff's case appears to depend on equating the "protection policies" of the accused Sheltered Harbor systems with this term. The definition will determine whether a standard data backup policy falls within the scope of the claims.
- Evidence for a Broader Interpretation: The patent summary states the system includes "enterprise designated categorical filters which include content-based filters, contextual filters and taxonomic classification filters" ('301 Patent, col. 3:44-48). This use of "include" could suggest these are examples, not an exhaustive list, allowing for a broader interpretation that covers other types of rule-based filters.
- Evidence for a Narrower Interpretation: The detailed description repeatedly emphasizes specific types of filters that perform semantic or contextual analysis ('301 Patent, col. 10:22-32). A defendant may argue that the term is limited to these intelligent filter types and does not cover simple, rule-based backup policies that do not analyze content.
The Term: "parsing remainder data" (from '169 Patent)
- Context and Importance: The infringement allegation hinges on the idea that data not sent to the secure vault is "parsed" and stored elsewhere. The construction of "parsing" will be critical. If it requires an active analysis or structuring of the remainder data, the infringement argument may be weakened; if it simply means separating or identifying, the argument may be stronger.
- Evidence for a Broader Interpretation: The patent describes a process where a data input is processed and "security sensitive content is separately stored... Remainder data is stored..." ('169 Patent, col. 4:4-9). This language could support a reading where "parsing" simply means the act of separating the data stream into two parts—extracted and remainder.
- Evidence for a Narrower Interpretation: The term "parsing" in computer science typically implies analyzing a string of symbols or data to understand its grammatical structure or logical components. A defendant may argue that merely failing to select data for a backup does not constitute an active "parsing" of that data.
VI. Other Allegations
Willful Infringement
- The complaint alleges that Defendant has been on actual notice of the asserted patents since at least the date of service of the complaint (Compl. ¶226). It further alleges that Defendant maintains a "policy or practice of not reviewing the patents of others," which it characterizes as willful blindness to Plaintiff's patent rights, as a basis for willfulness (Compl. ¶227).
VII. Analyst’s Conclusion: Key Questions for the Case
- A core issue will be one of definitional scope: can the term "categorical filter," described in the patents with reference to contextual and taxonomic analysis, be construed to cover the rule-based "protection policies" used in modern, industry-standard disaster recovery systems like those compliant with Sheltered Harbor?
- A second key issue will be one of technological operation: does the accused process of segregating critical data into a secure vault while leaving other data in production systems constitute the specific, multi-step method of "extracting" select content and affirmatively "parsing" and "storing" "remainder data" as claimed, or is this a fundamental mismatch between the patent's disclosure and the accused functionality?
- For certain claims, a dispositive question may be one of system architecture: does the term "cloud-based computing system" require the use of third-party, off-site infrastructure, or can it read on a distributed but entirely on-premises data center architecture, which a financial institution like the Defendant may employ?