DCT
2:24-cv-00313
DigitalDoors Inc v. First Horizon Bank
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: DigitalDoors, Inc. (Florida)
- Defendant: First Horizon Bank and Iberia Bank (Tennessee)
- Plaintiff’s Counsel: Garteiser Honea, PLLC
- Case Identification: 2:24-cv-313, E.D. Tex., 05/02/2024
- Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas because Defendant maintains physical branch locations, employs personnel, and purposefully directs its business activities and services to customers within the district.
- Core Dispute: Plaintiff alleges that Defendant’s data backup and disaster recovery systems, particularly those compliant with the financial industry's "Sheltered Harbor" standard, infringe four patents related to methods for granularly filtering, extracting, and securely storing sensitive data in distributed computing systems.
- Technical Context: The technology concerns secure information management, specifically methods for isolating and protecting critical data within larger data streams to ensure security and survivability, a practice of significant importance in the financial services sector for cyber-attack resilience.
- Key Procedural History: The complaint alleges that Defendant had pre-suit knowledge of the patents-in-suit as early as September 2014, based on their citation during the prosecution of Defendant’s own patent applications. This allegation forms the basis for a claim of willful infringement.
Case Timeline
| Date | Event |
|---|---|
| 2007-01-05 | Earliest Priority Date for all Asserted Patents |
| 2014-09-30 | Alleged Date of Pre-Suit Knowledge by Defendant |
| 2015-01-01 | Sheltered Harbor Initiative Launched |
| 2015-04-21 | U.S. Patent No. 9,015,301 Issued |
| 2017-08-15 | U.S. Patent No. 9,734,169 Issued |
| 2019-01-15 | U.S. Patent No. 10,182,073 Issued |
| 2019-04-02 | U.S. Patent No. 10,250,639 Issued |
| 2024-05-02 | Complaint Filed |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 9,015,301 - "Information Infrastructure Management Tools with Extractor, Secure Storage, Content Analysis and Classification and Method Therefor"
- Patent Identification: U.S. Patent No. 9,015,301, "Information Infrastructure Management Tools with Extractor, Secure Storage, Content Analysis and Classification and Method Therefor," issued April 21, 2015 (’301 Patent).
The Invention Explained
- Problem Addressed: The patent describes a state of the art where enterprises struggled to manage and secure information at a content level, particularly within unstructured data files. Conventional approaches focused on file-level security, which was inadequate for "open ecosystems" with numerous access points and for managing data whose sensitivity changes over its lifecycle (Compl. ¶27; ’301 Patent, col. 1:60-2:61).
- The Patented Solution: The invention proposes a method of organizing and processing data that shifts focus from the data file to the content itself (Compl. ¶27). It utilizes a system of "categorical filters" (which can include content-based, contextual, and taxonomic classifications) to identify, extract, and process "select content" from a data stream, storing it in designated secure locations. This allows for granular control, enhanced security through data dispersal, and flexible data management (Compl. ¶29; ’301 Patent, col. 3:17-4:12).
- Technical Importance: This content-centric approach to data security provided a more robust defense against unauthorized access by separating and distributing sensitive information, making it more difficult for an attacker to reconstruct a complete data set (’301 Patent, col. 16:25-38).
Key Claims at a Glance
- The complaint asserts independent claim 25 (’301 Patent, col. 131:25-134:2).
- Essential elements of claim 25 include:
- A method of organizing and processing data in a distributed computing system for an enterprise.
- Providing a plurality of select content data stores operative with a plurality of designated categorical filters.
- Activating at least one categorical filter and processing a data input to obtain "select content" and "associated select content."
- Storing the aggregated select content in a corresponding data store.
- Associating a data process (e.g., copy, extract, archive) with the activated filter.
- Applying that data process to a further data input based on the results of processing by the activated filter.
- Wherein the filter activation can be automatic and is time-based, condition-based, or event-based.
- The complaint does not explicitly reserve the right to assert dependent claims.
U.S. Patent No. 9,734,169 - "Digital Information Infrastructure and Method for Securing Designated Data and With Granular Data Stores"
- Patent Identification: U.S. Patent No. 9,734,169, "Digital Information Infrastructure and Method for Securing Designated Data and With Granular Data Stores," issued August 15, 2017 (’169 Patent).
The Invention Explained
- Problem Addressed: The patent addresses the need for secure data management in distributed, potentially cloud-based, computing systems where sensitive data must be protected but also accessible under controlled conditions (’169 Patent, col. 1:52-2:20).
- The Patented Solution: The invention claims a method for a distributed cloud-based system that provides separate data stores for "security designated data" (select content) and "granular data." The system extracts the security-designated data for storage in secure stores with specific access controls. Crucially, it also involves "parsing remainder data not extracted" and storing that remainder data separately in the granular data stores. Data can only be withdrawn from these respective stores by satisfying the specified access controls (’169 Patent, Abstract; col. 4:27-41).
- Technical Importance: The claimed method provides an architecture for segregating sensitive and non-sensitive data components into different storage locations with distinct access rules, enhancing security in cloud environments by ensuring that even if one part of the system is compromised, the entirety of the information is not exposed (’169 Patent, col. 17:25-36).
Key Claims at a Glance
- The complaint asserts independent claim 1 (’169 Patent, col. 132:11-47).
- Essential elements of claim 1 include:
- A method of organizing and processing data in a distributed cloud-based computing system.
- Providing a plurality of select content data stores, a plurality of granular data stores, and a cloud-based server, all coupled by a communications network.
- Extracting and storing security designated data in the select content data stores.
- Activating a select content data store to permit access based on one or more access controls.
- Parsing remainder data not extracted from the processed data and storing it in the granular data stores.
- Withdrawing the security data and parsed remainder data from their respective stores only when the access controls are applied.
- The complaint does not explicitly reserve the right to assert dependent claims.
U.S. Patent No. 10,182,073 - "Information Infrastructure Management Tools with Variable and Configurable Filters and Segmental Data Stores"
- Patent Identification: U.S. Patent No. 10,182,073, "Information Infrastructure Management Tools with Variable and Configurable Filters and Segmental Data Stores," issued January 15, 2019 (’073 Patent).
- Technology Synopsis: This patent describes a method for creating a data processing infrastructure using a plurality of filters. The method involves identifying sensitive and select content with initially configured filters and then "altering" those filters—by expanding, contracting, or reclassifying their scope—to generate modified filters for organizing subsequent data throughput, thereby creating a dynamic and adaptive data management system (’073 Patent, Abstract, Claim 1).
- Asserted Claims: Independent claim 1 is asserted (Compl. ¶165).
- Accused Features: The complaint alleges that the accused systems use configurable "protection policies" as filters, which the enterprise can modify to alter how data is identified and vaulted over time (Compl. ¶¶181, 184-185).
U.S. Patent No. 10,250,639 - "Information Infrastructure Management Data Processing Tools for Processing Data Flow with Distribution Controls"
- Patent Identification: U.S. Patent No. 10,250,639, "Information Infrastructure Management Data Processing Tools for Processing Data Flow with Distribution Controls," issued April 2, 2019 (’639 Patent).
- Technology Synopsis: This patent details a method for "sanitizing" data processed in a distributed system. The method extracts sensitive content from a data input based on its sensitivity level, stores that extracted data in a secure store, and then creates sanitized data from the non-extracted remainder. The sanitized data is then further processed using content, contextual, and taxonomic filters to obtain "inferenced" data (’639 Patent, Abstract, Claim 16).
- Asserted Claims: Independent claim 16 is asserted (Compl. ¶192).
- Accused Features: The accused systems are alleged to extract sensitive financial data and store it in a secure vault, thereby creating a "sanitized" version of the data in the production environment. The complaint further alleges these systems use filters to analyze and "inference" this data (Compl. ¶¶214, 217, 220).
III. The Accused Instrumentality
Product Identification
Defendant’s systems and methods for data processing, backup, and disaster recovery that are compliant with the "Sheltered Harbor" specification, or are otherwise functionally equivalent (Compl. ¶95).
Functionality and Market Context
The complaint alleges that the Sheltered Harbor standard, launched in 2015, is an industry-wide initiative for financial institutions to protect critical customer account information against catastrophic cyber-attacks (Compl. ¶62). The accused systems allegedly implement this standard by extracting critical financial data, storing it in a secure and isolated "data vault," and providing for a secure "restoration platform" (Compl. ¶¶69, 76, 77). The complaint includes a graphic indicating that the Sheltered Harbor initiative covers a majority of U.S. deposit accounts and retail brokerage assets, suggesting its significance in the financial industry (Compl. p. 30). These systems are alleged to operate as a "single controlled apparatus" under the Defendant's control, comprised of interconnected hardware and software (Compl. ¶95).
IV. Analysis of Infringement Allegations
9,015,301 Infringement Allegations
| Claim Element (from Independent Claim 25) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| providing, in said distributed computing system, a plurality of select content data stores operative with a plurality of designated categorical filters... | Defendant's system provides a "data vault" with multiple data stores (e.g., for backup, copy, lock, and analysis) that are operative with "protection policies" which act as categorical filters. | ¶104-106 | col. 13:26-38 |
| activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content and associated select content... | The system activates "protection policies" (filters) to process financial data and extract critical account information (select content) for vaulting. | ¶108-109 | col. 13:39-44 |
| storing said aggregated select content for said at least one categorical filter in said corresponding select content data store | The extracted critical account data is aggregated and stored in the secure data vault. | ¶112-113 | col. 13:45-48 |
| associating at least one data process from the group of data processes including a copy process, a data extract process, a data archive process, a data distribution process and a data destruction process | The system associates data processes, such as copying and archiving data, with the select content as defined by the enterprise's protection policies for backup and vaulting. | ¶115-116 | col. 13:52-57 |
| applying the associated data process to a further data input based upon a result of said further data being processed by said activated categorical filter... | Once a protection policy is established, the system automatically applies the same backup/vaulting process to all subsequent data inputs that match the filter criteria. | ¶118-119 | col. 13:58-64 |
| said activating a designated categorical filter, which encompasses an automatic activation... and said automatic activation is time-based, distributed computer system condition-based, or event-based | The system performs backups automatically on a nightly schedule (time-based) and/or when new assets are detected (event-based). | ¶121-123 | col. 13:65-134:2 |
Identified Points of Contention
- Scope Questions: A primary dispute may arise over whether the "protection policies" used in the Sheltered Harbor standard, which govern data backup, meet the patent's definition of "designated categorical filters." The defense may argue that the patent requires more sophisticated content, contextual, and taxonomic analysis than what is performed by a disaster recovery system, while the complaint alleges that implementing rules and tags is a form of such filtering (Compl. ¶¶87-88).
- Technical Questions: The complaint alleges that once a policy is set, "all further data inputs processed under the filter are processed in the same way" (Compl. ¶45). The court may need to examine whether the accused system's application of a backup policy to new data constitutes "applying the associated data process to a further data input based upon a result of said further data being processed," as claimed.
9,734,169 Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| providing in said distributed cloud-based computing system... a plurality of select content data stores for respective ones of a plurality of security designated data; and... a plurality of granular data stores; and... a cloud-based server... | The accused systems are allegedly implemented in cloud-based environments and provide secure "data vaults" (select content stores) and separate "production and backup systems" (granular data stores). | ¶130, ¶132, ¶136 | col. 3:28-40 |
| extracting and storing said security designated data in respective select content data stores | Critical financial account information is extracted and stored in the secure data vault. | ¶143-144 | col. 4:27-29 |
| activating at least one of said select content data stores... thereby permitting access to said select content data stores... based upon an application of one or more of said access controls thereat | The data vault is firewalled and requires strict credentials, such as multi-factor authentication, to permit access to the stored data. | ¶148-149 | col. 4:30-34 |
| parsing remainder data not extracted from data processed by said cloud-based system and storing the parsed data in respective granular data stores | Data not extracted for the vault (remainder data) is stored in the production and backup systems, which are separate from the vault. A diagram from Dell's solution brief illustrates the separate storage of data in the "Data Center" and the "Cyber Recovery Vault" (Compl. p. 78). | ¶151-152 | col. 4:35-38 |
| withdrawing some or all of said security designated data and said parsed data from said respective data stores only in the presence of said respective access controls applied thereto | Data is withdrawn from the vault for the "restoration platform" only after satisfying strict security measures and access controls. | ¶157-158 | col. 4:39-41 |
Identified Points of Contention
- Technical Questions: The central technical question may be whether the accused system's function—copying critical data to a secure vault while leaving the original data in the production environment—is equivalent to the claim language of "parsing remainder data not extracted... and storing the parsed data." Defendant may argue its system performs a backup/copy operation, not the "parsing" and segregation process described in the patent.
- Scope Questions: The complaint alleges the accused systems are "optionally implemented" in various cloud environments (Compl. ¶132). The scope of what constitutes a "distributed cloud-based computing system" under the claim will be a key issue, particularly if Defendant's implementation is primarily on-premises.
V. Key Claim Terms for Construction
"categorical filters" (’301 Patent)
- Context and Importance: This term is fundamental to the infringement theory for the ’301 Patent. Its construction will determine whether the "protection policies" and backup rules of the accused Sheltered Harbor systems fall within the scope of the claims. Practitioners may focus on this term because the complaint equates these industry-standard backup rules with the patent's more elaborately described filtering system.
- Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The specification suggests that enterprise-designated filters can be based on a wide range of policies, including "customer privacy policy, enterprise human resource policy, financial data handling policy, public company reporting policy, health care regulation policy," which could encompass the policies governing critical data backup (Compl. ¶45; ’301 Patent, col. 4:15-22).
- Evidence for a Narrower Interpretation: The patent repeatedly describes "categorical filters" as including "content-based filters, contextual filters and taxonomic classification filters," suggesting a requirement for semantic or contextual data analysis beyond simple data location or type (Compl. ¶29; ’301 Patent, col. 3:34-37).
"parsing remainder data not extracted" (’169 Patent)
- Context and Importance: This term is critical to determining whether the accused systems, which allegedly copy data to a vault, practice the claimed method. The dispute may center on whether "parsing remainder data" requires an active division of a data stream or if it can be read on the result of a copy operation where the original data is left behind as the "remainder."
- Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The abstract states the method involves "parsing remainder data not extracted... and storing the parsed data," which could be interpreted as simply referring to the data that is left over after the "security designated data" is identified and stored elsewhere (’169 Patent, Abstract).
- Evidence for a Narrower Interpretation: The term "parsing" typically implies analyzing and breaking down a structure. The specification’s description of separating a source document into "extracted data" and "remainder data" may suggest a process more akin to redaction or splitting a file, rather than simply making a backup copy (’169 Patent, col. 45:26-40).
VI. Other Allegations
Indirect Infringement
While not pleaded as a separate count, the complaint contains allegations that may support a theory of induced infringement. It references publicly available documentation from technology providers like Dell, including user guides and solution briefs, that allegedly instruct financial institutions on how to implement the infringing Sheltered Harbor systems (Compl. ¶¶71, 87, 182).
Willful Infringement
The complaint alleges that Defendant's infringement has been willful, particularly after receiving notice via the filing of the complaint (Compl. ¶¶125, 161, 188, 223). More pointedly, it alleges pre-suit knowledge dating back to at least September 30, 2014, based on the citation of the DigitalDoors patents during the prosecution of Defendant's own patent applications. The complaint further alleges that Defendant maintains a policy of not reviewing third-party patents, which it characterizes as willful blindness (Compl. ¶¶226-227).
VII. Analyst’s Conclusion: Key Questions for the Case
- A core issue will be one of technical and definitional equivalence: does the accused Sheltered Harbor system, which appears to operate by copying specified critical data to a secure vault for disaster recovery, practice the patented methods, which describe a system of using "categorical filters" to actively "extract" sensitive content and "parse" the remaining data into separate stores? The outcome may depend on whether an industry-standard backup-and-vault architecture can be equated to the patents' specific content-centric filtering and data segregation architecture.
- A second key question will revolve around claim construction: the dispute will likely focus on whether terms like "categorical filters" and "parsing remainder data" should be interpreted broadly to cover modern data protection practices, or narrowly limited to the specific embodiments involving taxonomic, contextual, and content analysis described in the patent specifications.
- Finally, a significant evidentiary question will be the impact of the alleged pre-suit knowledge. The allegation that Defendant was made aware of the patents during its own patent prosecution raises a critical question: did this create a duty to investigate potential infringement, and could a failure to do so, combined with an alleged policy of "willful blindness," support a finding of willful infringement?