DCT
2:24-cv-00315
DigitalDoors Inc v. Frost Bank
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: DigitalDoors, Inc. (Florida)
- Defendant: Frost Bank (Texas)
- Plaintiff’s Counsel: Garteiser Honea, PLLC
- Case Identification: 2:24-cv-00315, E.D. Tex., 05/02/2024
- Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas because Defendant maintains a regular and established business presence in the District, including physical branch locations, employees, and services that are purposefully directed to customers located within the District.
- Core Dispute: Plaintiff alleges that Defendant’s data backup and disaster recovery systems, which are allegedly compliant with the "Sheltered Harbor" financial industry standard, infringe four patents related to methods for securely identifying, extracting, storing, and managing granular data in distributed computing systems.
- Technical Context: The technology concerns secure data management architectures designed to ensure continuity and disaster recovery by separating critical data content from its original source, applying specific processing rules, and storing it in secure, distributed locations.
- Key Procedural History: The complaint alleges that the patented technology was originally developed for data security and survivability solutions for the U.S. government and military. It further alleges that Defendant had pre-suit knowledge of the patents-in-suit as early as September 2014, based on citations made during the prosecution of Defendant's own patent applications, a fact that may be central to the willfulness allegations.
Case Timeline
| Date | Event |
|---|---|
| 2007-01-05 | Earliest Priority Date for all Patents-in-Suit |
| 2014-09-30 | Alleged Pre-Suit Notice to Defendant via Patent Prosecution |
| 2015-01-01 | Sheltered Harbor Initiative Launch Date (approx.) |
| 2015-04-21 | U.S. Patent No. 9,015,301 Issued |
| 2017-08-15 | U.S. Patent No. 9,734,169 Issued |
| 2019-01-15 | U.S. Patent No. 10,182,073 Issued |
| 2019-04-02 | U.S. Patent No. 10,250,639 Issued |
| 2024-05-02 | Complaint Filed |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 9,015,301 - "Information Infrastructure Management Tools with Extractor, Secure Storage, Analysis and Classification and Method Therefor"
- Patent Identification: U.S. Patent No. 9,015,301, "Information Infrastructure Management Tools with Extractor, Secure Storage, Analysis and Classification and Method Therefor," issued April 21, 2015.
The Invention Explained
- Problem Addressed: The patent describes the state of the art as being vulnerable because enterprise information systems operated as "open ecosystems" and lacked the ability to effectively manage unstructured information or address the changing sensitivity of data over its lifecycle (ʼ301 Patent, col. 1:60-2:61). Conventional security was file-based, not content-based, making granular control difficult (ʼ301 Patent, col. 1:31-38).
- The Patented Solution: The invention proposes a method of organizing and processing data by focusing on the content itself rather than the file container. It uses a system of filters to identify and extract "select content" (important data) from a larger data stream, stores this select content in designated data stores, and associates specific data processes (e.g., copy, archive, destroy) with the filtered content, allowing for automated and granular data management (ʼ301 Patent, Abstract; col. 3:17-4:15).
- Technical Importance: This content-centric architecture offered a more flexible and secure method for managing sensitive information in distributed networks compared to traditional, perimeter-based security models (Compl. ¶30).
Key Claims at a Glance
- The complaint asserts independent claim 25 (Compl. ¶99).
- Essential elements of claim 25 include:
- A method of organizing and processing data in a distributed computing system having select content important to an enterprise.
- Providing a plurality of select content data stores operative with a plurality of designated categorical filters.
- Activating at least one filter and processing a data input to obtain select content and associated select content.
- Storing the aggregated select content in a corresponding data store.
- Associating at least one data process (from a group including copy, extract, archive, distribution, and destruction) with the activated filter.
- Applying the associated data process to a further data input based on the results of processing by the filter.
- The filter activation can be automatic (time-based, condition-based, or event-based) or manual.
U.S. Patent No. 9,734,169 - "Digital Information Infrastructure and Method for Securing Designated Data and with Granular Data Stores"
- Patent Identification: U.S. Patent No. 9,734,169, "Digital Information Infrastructure and Method for Securing Designated Data and with Granular Data Stores," issued August 15, 2017.
The Invention Explained
- Problem Addressed: The patent identifies the risks inherent in open enterprise systems where employees, partners, and vendors have access to information, creating vulnerabilities to both internal and external threats (ʼ169 Patent, col. 2:1-17). Traditional security models did not adequately segregate and protect critical data within these systems.
- The Patented Solution: The invention describes a method for a "distributed cloud-based computing system" that segregates data for security. The system extracts "security designated data" and stores it in secure "select content data stores," each with its own access controls. The remaining, less sensitive "remainder data" is parsed and stored separately in "granular data stores." The critical, designated data can only be withdrawn from its secure storage after satisfying the specified access controls, thereby protecting it even if the main system is compromised (ʼ169 Patent, Abstract; col. 3:28-4:25).
- Technical Importance: This method provides a security architecture specifically for cloud-based environments that enhances resilience by separating critical data from the main attack surface and subjecting its retrieval to strict access controls (Compl. ¶131).
Key Claims at a Glance
- The complaint asserts independent claim 1 (Compl. ¶130).
- Essential elements of claim 1 include:
- A method of organizing and processing data in a distributed cloud-based computing system.
- Providing a plurality of select content data stores, a plurality of granular data stores, and a cloud-based server, with the data stores having respective access controls.
- Extracting and storing security designated data in the select content data stores.
- Activating a select content data store to permit access to the security designated data based on applying one or more access controls.
- Parsing remainder data not extracted and storing it in the granular data stores.
- Withdrawing the security designated data and the parsed remainder data from their respective stores only when the access controls are satisfied.
U.S. Patent No. 10,182,073 - "Information Infrastructure Management Tools with Variable and Configurable Filters and Segmental Data Stores"
- Patent Identification: U.S. Patent No. 10,182,073, "Information Infrastructure Management Tools with Variable and Configurable Filters and Segmental Data Stores," issued January 15, 2019.
- Technology Synopsis: This patent discloses a method for creating an adaptable information infrastructure. The system uses an initial set of filters to identify and process sensitive data, but critically, it includes a step of "altering" these filters—by expanding or contracting their criteria or changing their classification—to generate modified filters that are then used to organize subsequent data throughput, allowing the system's data handling rules to evolve dynamically (ʼ073 Patent, Abstract; col. 3:1-12).
- Asserted Claims: Independent claim 1 is asserted (Compl. ¶166).
- Accused Features: The complaint accuses the Defendant's systems of infringement based on their alleged ability to allow an administrator to define, run, and modify data protection policies. These modifications allegedly alter the parameters for filtering data, thereby generating new rules for how subsequent data is extracted and vaulted (Compl. ¶¶ 182-183).
U.S. Patent No. 10,250,639 - "Information Infrastructure Management Data Processing Tools for Data Flow with Distribution Controls"
- Patent Identification: U.S. Patent No. 10,250,639, "Information Infrastructure Management Data Processing Tools for Data Flow with Distribution Controls," issued April 2, 2019.
- Technology Synopsis: This patent describes a method for "sanitizing" data based on multiple sensitivity levels and security clearances. The system extracts sensitive content from a data input, stores it in a secure "extract store" corresponding to its sensitivity level, and leaves behind "remainder data." It then applies content, contextual, and taxonomic filters to "inference" the sanitized data, enabling sophisticated analysis and classification of the secured information (ʼ639 Patent, Abstract).
- Asserted Claims: Independent claim 16 is asserted (Compl. ¶193).
- Accused Features: The accused systems are alleged to infringe by using filters and data analytics to identify and extract critical financial data based on its sensitivity, storing it in a secure vault, and associating it with various security levels and clearance requirements that govern access and restoration (Compl. ¶¶ 198, 218).
III. The Accused Instrumentality
Product Identification
- The "Accused Instrumentalities" are Defendant Frost Bank's systems and methods for processing, backing up, and recovering data in a distributed computing environment (Compl. ¶96).
Functionality and Market Context
- The complaint alleges these systems are compliant with the "Sheltered Harbor" industry specification or are functionally equivalent (Compl. ¶96). The core functionality is to protect critical customer financial data against catastrophic loss from events like cyberattacks. This is achieved by extracting critical data, converting it to a standard format, and storing it in a secure, encrypted, immutable, and isolated "data vault" (Compl. ¶¶ 70, 77). A separate "restoration platform" is used to recover the data from the vault to restore customer services (Compl. ¶78). The complaint frames these systems as a necessary, industry-standard implementation for financial institutions to ensure operational resilience and regulatory compliance (Compl. ¶¶ 63, 95). A diagram in the complaint illustrates the Dell PowerProtect Cyber Recovery architecture, which separates a "Production Environment" from a "Data Vault Environment" via a secure replication process and an "air-gap" (Compl. ¶73, p. 32).
IV. Analysis of Infringement Allegations
9,015,301 Patent Infringement Allegations
| Claim Element (from Independent Claim 25) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| a method of organizing and processing data in a distributed computing system having select content important to an enterprise... | Defendant operates distributed systems to manage and protect critical customer financial account data, which is important to its enterprise. | ¶100, ¶102 | col. 3:20-27 |
| providing, in said distributed computing system, a plurality of select content data stores operative with a plurality of designated categorical filters... | The accused systems provide a "data vault" with designated stores for content derived from categorical filters, such as rules to identify critical business services and customer account data. | ¶105, ¶107 | col. 13:30-41 |
| activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content and associated select content... as aggregated select content. | The systems activate protection policies (filters) to extract critical financial account information using aggregated tags based on contextual or taxonomic associations. | ¶109, ¶110 | col. 13:42-50 |
| storing said aggregated select content... in said corresponding select content data store. | The extracted critical account data is stored in corresponding storage units or trees within the secure data vault. | ¶113, ¶114 | col. 13:48-50 |
| for the activated categorical filter, associating at least one data process from the group of data processes including a copy process, a data extract process, a data archive process, a data distribution process and a data destruction process. | The systems associate data processes like backup (copy/archive) with the selected content as part of the established protection policies. | ¶116, ¶117 | col. 13:51-57 |
| applying the associated data process to a further data input based upon a result of said further data being processed by said activated categorical filter... | Once a protection policy is established, all subsequent data inputs are processed in the same way, e.g., nightly backups are automatically created and stored in the designated unit. | ¶119, ¶121 | col. 13:58-63 |
| activating a designated categorical filter, which encompasses an automatic activation... said automatic activation is time-based, distributed computer system condition-based, or event-based. | The system processing runs automatically on a designated time interval (e.g., nightly), upon a designated condition (new assets detected), or event. | ¶122, ¶124 | col. 14:1-11 |
- Identified Points of Contention:
- Technical Question: The claim requires first "associating" a data process with a filter, and then "applying" that process to subsequent data. The court may need to determine if the accused system’s single act of creating and running a backup policy (e.g., "back up finance data nightly to the vault") satisfies this two-step "associate then apply" structure, or if it represents a different, non-infringing workflow.
- Scope Question: A central question may be whether the "protection policies" of the accused Sheltered Harbor-compliant systems, which are designed to identify "critical customer account data," function as the "designated categorical filters" described in the patent, which also discusses taxonomic and contextual analysis.
9,734,169 Patent Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| a method of organizing and processing data in a distributed cloud-based computing system... | The accused systems are allegedly optionally implemented on cloud platforms such as AWS, Azure, or Google Cloud. | ¶131, ¶133 | col. 131:13-18 |
| providing... (i) a plurality of select content data stores... (ii) a plurality of granular data stores; and (iii) a cloud-based server, each... having respective access controls... | The system provides secure data vaults ("select content data stores") and production/backup systems ("granular data stores"), with access to the vault controlled by security credentials and multi-factor authentication. | ¶137, ¶138, ¶140 | col. 3:45-53 |
| extracting and storing said security designated data in respective select content data stores. | Protection policies are used to extract critical financial account data and store it in the secure data vault. A diagram in the complaint depicts this extraction and storage process. | ¶144, ¶145, ¶105 p. 64 | col. 4:1-3 |
| activating at least one of said select content data stores... permitting access to said... data based upon an application of one or more of said access controls... | Access to the data vault is permitted only upon satisfaction of strict security measures, including credentialed access and multi-factor authentication. | ¶149, ¶150 | col. 4:4-9 |
| parsing remainder data not extracted... and storing the parsed data in respective granular data stores. | Data not extracted for the vault (remainder data) is stored in production and backup systems, which serve as the granular data stores. | ¶152, ¶153 | col. 4:10-13 |
| withdrawing some or all of said security designated data and said parsed data... only in the presence of said respective access controls applied thereto. | Data is withdrawn from the vault to a restoration platform only upon satisfaction of strict security measures, such as for emergency recovery after a cyberattack. | ¶158, ¶159 | col. 4:14-19 |
- Identified Points of Contention:
- Scope Question: The claim preamble recites a "distributed cloud-based computing system." A key point of contention may be whether Defendant's system is in fact "cloud-based." The complaint's allegation that compliant systems are optionally implemented in the cloud may not be sufficient if Defendant's specific implementation is entirely on-premises.
- Technical Question: The claim requires parsing and storing "remainder data" in "granular data stores." It will be a factual question whether the accused production and backup systems, which are the source of the extracted data, also function as the claimed "granular data stores" for the non-extracted data in the manner described by the patent.
V. Key Claim Terms for Construction
The Term: "categorical filters" (from ʼ301 Patent, Claim 25)
- Context and Importance: This term is fundamental to how the invention identifies the "select content" to be secured. The infringement theory equates this term with the "protection policies" and data identification rules of the Sheltered Harbor standard. The construction of this term will determine whether simple, rule-based selections (e.g., "all customer account data") are covered, or if a more complex analysis is required.
- Evidence for a Broader Interpretation: The specification describes these filters as including content-based, contextual, and taxonomic classification filters, suggesting a broad range of rule types ('301 Patent, col. 13:35-38). This language may support an interpretation that covers any system that categorizes and selects data based on predefined rules.
- Evidence for a Narrower Interpretation: The patent frequently discusses these filters in conjunction with a "Knowledge Expander (KE) search engine" and a "classification generator" that performs semantic and taxonomic analysis ('301 Patent, col. 10:22-32). A defendant may argue that a "categorical filter" requires this type of advanced, learning-based classification capability, not just a static rule set defining "critical data."
The Term: "distributed cloud-based computing system" (from ʼ169 Patent, Claim 1)
- Context and Importance: This term in the claim's preamble likely defines the scope of the invention. Whether Defendant's system infringes Claim 1 depends entirely on whether its architecture meets this definition.
- Evidence for a Broader Interpretation: Practitioners may argue that in modern IT, any distributed system that utilizes remote servers or storage for any part of its operation (including off-site backup or disaster recovery services) could be considered "cloud-based," aligning with the complaint's allegation that compliant systems are designed for deployment on platforms like AWS and Azure (Compl. ¶133).
- Evidence for a Narrower Interpretation: The claim lists a "cloud-based server" as a distinct component alongside data stores. A defendant may argue this requires the central processing or control logic to reside in the cloud, not merely the use of cloud storage as a passive backup target for an otherwise on-premises system.
VI. Other Allegations
- Willful Infringement: The complaint alleges that Defendant has been on notice of the patents since at least the filing of the complaint (Compl. ¶227). Crucially, it also alleges pre-suit knowledge dating back to September 30, 2014, "by virtue of patent prosecution arguments made in the United States Patent and Trademark Office during prosecution of Defendant’s own patent applications," which allegedly cited the patents-in-suit (Compl. ¶227). The complaint further alleges that Defendant maintains a policy of not reviewing third-party patents, which it characterizes as willful blindness (Compl. ¶228).
VII. Analyst’s Conclusion: Key Questions for the Case
- A central issue will be one of technical translation: can the architecture and processes of the financial industry's "Sheltered Harbor" standard—which focuses on creating isolated, immutable data vaults for disaster recovery—be mapped directly onto the specific, multi-step filtering, associating, and storing limitations recited in the asserted patent claims, which were drafted years before the standard was developed?
- The case may turn on definitional scope: does a financial institution's use of policy-based rules to identify "critical account data" meet the patent's requirement for "categorical filters," which the specification also describes in the context of advanced semantic and taxonomic analysis? Furthermore, does an on-premises data protection system that offers optional cloud integration meet the "cloud-based" limitation of the ’169 patent?
- A key legal battleground will likely be willfulness: what is the legal effect of the patents-in-suit being cited during the prosecution of Defendant's own patents? The court will have to decide if this constitutes pre-suit knowledge sufficient to support a claim for willful infringement, particularly if Defendant can substantiate an institutional policy of not reviewing competitors' patents.