DCT

2:24-cv-00314

DigitalDoors Inc v. First National Bank Of Omaha

Log In

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 2:24-cv-00314, E.D. Tex., 05/02/2024
  • Venue Allegations: Plaintiff alleges venue is proper because Defendant maintains a regular and established business presence in the district, including physical branch locations, and specifically targets customers within the district.
  • Core Dispute: Plaintiff alleges that Defendant’s data backup and disaster recovery systems, particularly those compliant with the financial industry's "Sheltered Harbor" standard, infringe four patents related to methods of securely filtering, extracting, and storing sensitive data within distributed computing systems.
  • Technical Context: The technology concerns granular, content-aware data security architectures, which are of significant importance to financial institutions that must ensure the continuity and integrity of customer account data in the event of a catastrophic cyberattack or system failure.
  • Key Procedural History: The complaint asserts the inventions were developed to provide data-security and survivability solutions for the U.S. government and military. It also notes that the patents-in-suit have been cited as relevant prior art in hundreds of subsequent patent applications by major technology and financial services companies.

Case Timeline

Date Event
2007-01-05 Earliest Priority Date for all Asserted Patents
2015-04-21 U.S. Patent No. 9,015,301 Issues
2015 Sheltered Harbor Initiative Launched
2017-08-15 U.S. Patent No. 9,734,169 Issues
2019-01-15 U.S. Patent No. 10,182,073 Issues
2019-04-02 U.S. Patent No. 10,250,639 Issues
2024-05-02 Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 9,015,301 - Information Infrastructure Management Tools With Extractor, Secure Storage, Analysis And Classification And Method Therefor

The Invention Explained

  • Problem Addressed: The patent's background describes the state of the art as enterprises operating in open, vulnerable ecosystems where it was difficult to manage unstructured data, efficiently classify sensitive information, and secure data throughout its lifecycle. Conventional approaches managed data security at the file level, which was inefficient and lacked granular control over the actual content within the files (Compl. ¶27; ’301 Patent, col. 1:31-2:27).
  • The Patented Solution: The invention proposes a method for organizing data that shifts focus from the file to the content within it. The system uses "categorical filters" to automatically identify and extract important "select content" as well as related contextual or taxonomic data from a larger data stream. This aggregated, high-value content is then stored in corresponding secure data stores, separating it from less sensitive information ('301 Patent, Abstract; col. 3:25-4:18).
  • Technical Importance: This approach provided a more granular and flexible method for data security, allowing enterprises to apply specific protection policies to the content itself rather than the entire container file, which the complaint alleges was an unconventional and substantial improvement over prior art systems (Compl. ¶29).

Key Claims at a Glance

  • The complaint asserts at least independent claim 25 (’301 Patent, Compl. ¶98).
  • Claim 25 of the ’301 Patent includes the following essential elements:
    • A method of organizing and processing data in a distributed computing system for an enterprise.
    • Providing a plurality of "select content data stores" that are operative with a plurality of "designated categorical filters."
    • Activating at least one filter to process a data input to obtain "select content" and "associated select content" (which is contextually or taxonomically associated).
    • Storing the resulting "aggregated select content" in a corresponding data store.
    • Associating a data process (e.g., copy, extract, archive, distribution, destruction) with the activated filter.
    • Applying that associated data process to a further data input.
    • The filter activation can be automatic (e.g., time-based, condition-based, or event-based) or manual.
  • The complaint does not explicitly reserve the right to assert dependent claims for this patent.

U.S. Patent No. 9,734,169 - Digital Information Infrastructure and Method for Securing Designated Data and With Granular Data Stores

The Invention Explained

  • Problem Addressed: The patent addresses the security risks in distributed, cloud-based computing environments where a single breach could expose all of an enterprise's data, as sensitive and non-sensitive information were often stored together and protected only by perimeter security (’169 Patent, col. 1:60-2:27).
  • The Patented Solution: The invention claims a method for enhancing security by segregating data. The system processes data to extract "security designated data" and moves it to a plurality of secure "select content data stores" (e.g., a data vault). The remaining, less sensitive "remainder data" is stored separately in "granular data stores" (e.g., production systems). This architecture forces an attacker to compromise multiple, physically or logically separate systems and then correctly reassemble the data to access the complete information set (’169 Patent, Abstract; col. 47:1-48:42).
  • Technical Importance: The claimed method provides a specific security architecture for cloud-based systems centered on the principle of data segregation, which is a foundational concept in modern secure data vaulting and cyber-resilience strategies (Compl. ¶130).

Key Claims at a Glance

  • The complaint asserts at least independent claim 1 (’169 Patent, Compl. ¶129).
  • Claim 1 of the ’169 Patent includes the following essential elements:
    • A method of organizing and processing data in a distributed cloud-based computing system.
    • Providing select content data stores, granular data stores, and a cloud-based server coupled by a communications network.
    • Extracting and storing security designated data in the select content data stores.
    • Activating the select content data stores to permit access based on access controls.
    • Parsing remainder data (not extracted) and storing it in the granular data stores, where the parsing can be random or based on a predetermined algorithm.
    • Withdrawing the security designated data and parsed remainder data from their respective stores only when the relevant access controls are satisfied.
  • The complaint does not explicitly reserve the right to assert dependent claims for this patent.

U.S. Patent No. 10,182,073 - Information Infrastructure Management Tools With Variable and Configurable Filters and Segmental Data Stores

  • Technology Synopsis: This patent describes an information infrastructure where data throughput is processed using a plurality of filters. The invention appears to center on the capability to dynamically alter these initially configured filters—by expanding, contracting, or reclassifying their scope—and then generating modified filters that are applied to organize subsequent data, thereby allowing the system to adapt its data handling rules over time (’073 Patent, Abstract; Compl. ¶181).
  • Asserted Claims: At least Claim 1 (Compl. ¶165).
  • Accused Features: The accused systems allegedly use configurable filters, such as data protection policies, to identify sensitive content for vaulting. The complaint alleges that the defendant, as the operating enterprise, can modify these policies, which in turn alters the rules for subsequent data extraction and protection operations (Compl. ¶¶182, 184).

U.S. Patent No. 10,250,639 - Information Infrastructure Management Data Processing Tools for Processing Data Flow With Distribution Controls

  • Technology Synopsis: This patent discloses a method for "sanitizing" data processed in a distributed system. The process involves extracting sensitive content based on its sensitivity level and storing it in a secure "extract store," separate from the "remainder data." This creates a sanitized version of the data. The system then uses various filters (content, contextual, taxonomic) to "inference" the sanitized data, allowing for analysis without exposing the original sensitive information (’639 Patent, Abstract; Compl. ¶217).
  • Asserted Claims: At least Claim 16 (Compl. ¶192).
  • Accused Features: The accused systems are alleged to extract critical financial data ("sensitive content") and store it in an isolated, secure data vault, leaving the "remainder data" in the production environment. This process, according to the complaint, results in the creation of sanitized data for secure storage and disaster recovery (Compl. ¶¶211, 214).

III. The Accused Instrumentality

  • Product Identification: The "Accused Instrumentalities" are the data backup, archival, and disaster recovery systems and methods owned, operated, or controlled by Defendant First National Bank of Omaha (FNBO). The complaint alleges these systems are either compliant with the "Sheltered Harbor" industry standard or are functionally equivalent thereto (Compl. ¶95).
  • Functionality and Market Context: The complaint alleges the accused systems perform secure data vaulting to protect critical customer financial data against catastrophic loss, such as from a destructive cyberattack (Compl. ¶95). This functionality is achieved by extracting critical account data, converting it to a standard format, and storing it in a secure, immutable, and isolated "data vault" that is air-gapped from production and backup systems (Compl. ¶¶69, 76). This enables the bank to restore basic customer services even if its primary infrastructure is compromised (Compl. ¶70). The complaint presents the Sheltered Harbor standard as a widely adopted, industry-driven initiative essential for maintaining stability and public confidence in the U.S. financial system (Compl. ¶¶62, 64). A diagram from a Sheltered Harbor factsheet is included to illustrate its wide adoption in the financial sector (Compl. ¶65, p. 29).

IV. Analysis of Infringement Allegations

U.S. Patent No. 9,015,301 Infringement Allegations

Claim Element (from Independent Claim 25) Alleged Infringing Functionality Complaint Citation Patent Citation
providing, in said distributed computing system, a plurality of select content data stores operative with a plurality of designated categorical filters which stores are operatively coupled over a communications network The accused systems provide a "data vault" (select content data stores) that operates with user-defined "protection policies" (categorical filters) to manage data. ¶104 col. 13:30-40
activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content and associated select content, which...is at least one of contextually associated select content and taxonomically associated select content, as aggregated select content The systems activate protection policies to extract critical financial account information, which is contextually or taxonomically associated through the use of metadata and tags. ¶108, ¶110 col. 13:41-48
storing said aggregated select content for said at least one categorical filter in said corresponding select content data store The extracted critical data is stored in designated storage units within the secure data vault. ¶112, ¶113 col. 13:49-52
and for the activated categorical filter, associating at least one data process from the group of data processes including a copy process, a data extract process, a data archive process, a data distribution process and a data destruction process The system associates defined processes, such as backup (copying/extracting) and vaulting, with the data identified by the activated protection policies. ¶115, ¶116 col. 13:53-58
applying the associated data process to a further data input based upon a result of said further data being processed by said activated categorical filter utilizing said aggregated select content data Once a protection policy is established, it is automatically applied to subsequent data inputs, such as in nightly backup cycles. ¶118, ¶119 col. 13:59-64
activating a designated categorical filter, which encompasses an automatic activation...and said automatic activation is time-based... The data vaulting and backup processes are allegedly configured to run automatically at designated time intervals, such as nightly. ¶121, ¶122 col. 14:1-11

U.S. Patent No. 9,734,169 Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
providing in said distributed cloud-based computing system: (i) a plurality of select content data stores for respective ones of a plurality of security designated data; and (ii) a plurality of granular data stores; and (iii) a cloud-based server... The accused systems allegedly use a cloud-based architecture that includes a secure data vault (select content data stores) and separate production/backup systems (granular data stores). The complaint provides a diagram of a compliant system showing a "Production Environment" and a "CR Vault" (Compl. ¶131, p. 66). ¶130, ¶136, ¶139 col. 131:18-29
extracting and storing said security designated data in respective select content data stores The systems extract critical financial account information and store it in the secure data vault. ¶143 col. 131:36-39
activating at least one of said select content data stores...permitting access...based upon an application of one or more of said access controls thereat Access to the data vault is restricted by strict security measures, such as multi-factor authentication and credentialed access. ¶148, ¶149 col. 131:40-46
parsing remainder data not extracted from data processed by said cloud-based system and storing the parsed data in respective granular data stores Data not extracted for the vault remains in the production and backup systems, which the complaint alleges satisfies this limitation. A diagram is provided to show these production-side "Backup Workloads" (Compl. ¶152, p. 78). ¶151, ¶152 col. 131:47-50
withdrawing some or all of said security designated data...from said respective data stores only in the presence of said respective access controls applied thereto Data can only be withdrawn from the secure vault for restoration after strict access control measures are satisfied. ¶157, ¶158 col. 131:60-65
  • Identified Points of Contention:
    • Scope Questions: A primary question will be whether the specific claim language, with a 2007 priority date, can be construed to read on the functionalities of the Sheltered Harbor standard, an industry-wide initiative launched in 2015. The defense may argue that Sheltered Harbor represents a parallel, non-infringing development, while the plaintiff alleges it is a later-developed embodiment of the patented inventions.
    • Technical Questions: For the ’301 Patent, a key question may be whether the "protection policies" of the accused systems qualify as the claimed "categorical filters" that obtain "contextually" and "taxonomically" associated content. For the ’169 Patent, a point of contention may arise over whether leaving data in a production environment constitutes the affirmative claim steps of "parsing remainder data" and "storing the parsed data" in "granular data stores."

V. Key Claim Terms for Construction

  • Term: "categorical filters" (from ’301 Patent, Claim 25)

    • Context and Importance: This term is central to the claimed invention's mechanism for selecting data. The outcome of the case may depend on whether the "protection policies" used in modern data vaulting systems fall within the scope of this term. Practitioners may focus on this term because the defendant will likely argue its policies are technologically distinct from what the patent discloses.
    • Evidence for a Broader Interpretation: The specification suggests the term is broad, encompassing "content-based filters, contextual filters and taxonomic classification filters" ('301 Patent, col. 13:35-37). It also refers to filters for enterprise policies such as "level of service policy, customer privacy policy," and "financial data handling policy" (col. 4:15-22), which may support reading the term on the accused "protection policies."
    • Evidence for a Narrower Interpretation: The patent's detailed description heavily emphasizes more complex filters that use a "Knowledge Expander (KE) search engine" and build "hierarchical taxonomic system[s]" ('301 Patent, col. 10:22-32). A defendant could argue that the term should be limited to these specific, sophisticated embodiments and not cover more straightforward rule-based policies.

  • Term: "parsing remainder data... and storing the parsed data" (from ’169 Patent, Claim 1)

    • Context and Importance: The infringement allegation for this element appears to equate leaving data in a production system with the active steps of "parsing" and "storing." The viability of the infringement claim may turn on whether these verbs can be interpreted so broadly.
    • Evidence for a Broader Interpretation: The patent's summary describes the invention as separating sensitive content from remainder data, with the remainder being stored in a distributed system ('169 Patent, col. 4:31-40). This high-level description could support an argument that the precise mechanism of parsing and storing is less important than the resulting architectural separation.
    • Evidence for a Narrower Interpretation: The verbs "parsing" and "storing" imply affirmative actions. The patent specification, for instance, describes a process where a "source document...is parsed through a filter" and the separated components are stored in different locations ('169 Patent, col. 39:35-42, discussing Fig. 4). This language may support a narrower construction requiring an active process of analyzing and placing the remainder data, rather than simply not moving it.

VI. Other Allegations

  • Indirect Infringement: The complaint does not plead separate counts for induced or contributory infringement, focusing instead on allegations of direct infringement by the Defendant (Compl. ¶¶98, 129, 165, 192).
  • Willful Infringement: The complaint alleges willful infringement on two potential grounds. First, it alleges ongoing infringement after the Defendant received notice of the patents via the filing of the complaint (Compl. ¶125). Second, it alleges pre-suit knowledge dating back to at least September 30, 2014, based on alleged arguments made during the prosecution of the Defendant's own patent applications that referenced the patents-in-suit (Compl. ¶226). Willful blindness is also alleged based on a purported policy of not reviewing the patents of others (Compl. ¶227).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of temporal and technological scope: Can patent claims with a 2007 priority date, describing specific filtering and data-handling methods, be construed to cover the architecture of the Sheltered Harbor industry standard, which was developed years later? The case will likely test whether the accused modern data-vaulting standard is an implementation of the patented invention or a distinct technological solution.
  • A key question of claim construction will be the definition of active process steps: Does the routine application of backup rules and the consequent leaving of non-selected data in production systems meet the affirmative claim requirements of "activating... categorical filters" and "parsing remainder data... and storing the parsed data," or is there a fundamental mismatch in the required operations?
  • An important evidentiary question for willfulness will be whether references to the plaintiff's patents during the prosecution of the defendant's own patents are sufficient to prove the defendant, as a corporate entity, possessed the requisite knowledge of infringement for its separate and distinct data backup and recovery systems.