DCT

2:24-cv-00316

DigitalDoors Inc v. Origin Bank

Log In

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 2:24-cv-00316, E.D. Tex., 05/02/2024
  • Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas because Defendant maintains a regular and established business presence in the district, including physical branch locations and employees, and specifically targets customers located within the district.
  • Core Dispute: Plaintiff alleges that Defendant’s data backup and disaster recovery systems, which are compliant with or functionally equivalent to the financial industry's "Sheltered Harbor" specification, infringe four patents related to methods for organizing, filtering, and securing data in distributed computing systems.
  • Technical Context: The technology relates to data security architectures that identify sensitive information within data streams, extract it, and store it securely in distributed locations for disaster recovery and controlled reconstruction.
  • Key Procedural History: The complaint does not mention prior litigation or post-grant proceedings involving the asserted patents. It notes, however, that the patents have been cited as relevant prior art in hundreds of patent applications by major technology and financial services companies.

Case Timeline

Date Event
2007-01-05 Earliest Priority Date for all Asserted Patents
2015-04-21 U.S. Patent No. 9,015,301 Issued
2015 Sheltered Harbor initiative launched
2017-08-15 U.S. Patent No. 9,734,169 Issued
2019-01-15 U.S. Patent No. 10,182,073 Issued
2019-04-02 U.S. Patent No. 10,250,639 Issued
2024-05-02 Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 9,015,301 - "Information Infrastructure Management Tools with Extractor, Secure Storage, Content Analysis and Classification and Method Therefor"

The Invention Explained

  • Problem Addressed: The patent’s background describes several deficiencies in the state of the art circa 2007, including the inability of enterprises to manage unstructured data, the inefficiency of classifying sensitive data without semantic analysis, and the vulnerability of open information ecosystems with numerous access points (Compl. ¶28; ’301 Patent, col. 1:31-2:27).
  • The Patented Solution: The invention provides a method and system for organizing and processing data in a distributed system. A core concept involves using various types of "categorical filters" (e.g., content-based, contextual, taxonomic) to identify and extract "select content" from a data stream. This extracted content is then stored in designated secure data stores, while the remaining data may be stored separately. This allows for granular control over data security and reconstruction (Compl. ¶27; ’301 Patent, Abstract; col. 3:1-4:7).
  • Technical Importance: The technology claims to shift data management from a file-level approach to a content-level approach, enabling more sophisticated and secure handling of sensitive information within distributed enterprise networks (Compl. ¶¶28-30; ’301 Patent, col. 9:46-58).

Key Claims at a Glance

  • The complaint asserts independent method Claim 25 (Compl. ¶99).
  • Essential elements of Claim 25 include:
    • A method of organizing and processing data in a distributed computing system having select content important to an enterprise.
    • Providing a plurality of select content data stores operative with a plurality of designated categorical filters.
    • Activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content and associated select content.
    • Storing said aggregated select content for said at least one categorical filter in said corresponding select content data store.
    • Associating at least one data process from a group including a copy process, a data extract process, a data archive process, a data distribution process and a data destruction process.
    • Applying the associated data process to a further data input.
    • Wherein activating encompasses an automatic or manual activation.
  • The complaint does not explicitly reserve the right to assert other claims of the ’301 Patent.

U.S. Patent No. 9,734,169 - "Digital Information Infrastructure and Method for Securing Designated Data and With Granular Data Stores"

The Invention Explained

  • Problem Addressed: The patent addresses the risks inherent in open enterprise information systems where employees, partners, and customers access and share data, creating vulnerabilities to both outside "hackers" and inside misuse (Compl. ¶28; ’169 Patent, col. 2:1-17).
  • The Patented Solution: The invention describes a method for processing data in a distributed, cloud-based system. It involves providing separate data stores for "security designated data" (extracted sensitive content) and "granular data" (remainder data). A cloud-based server manages the extraction and storage processes. Access to the sensitive data is controlled, and the remainder data is stored separately. The system allows for secure withdrawal and reconstruction of the original data only when authorized (Compl. ¶27; ’169 Patent, Abstract).
  • Technical Importance: This architecture provides security by separating sensitive data from its original context and storing the pieces in different locations, requiring an attacker to compromise multiple systems to reconstruct the valuable information (Compl. ¶53; ’169 Patent, col. 17:25-33).

Key Claims at a Glance

  • The complaint asserts independent method Claim 1 (Compl. ¶130).
  • Essential elements of Claim 1 include:
    • A method of organizing and processing data in a distributed cloud-based computing system.
    • Providing: (i) a plurality of select content data stores for security designated data; (ii) a plurality of granular data stores; and (iii) a cloud-based server, with access controls at each select content data store.
    • Providing a communications network coupling the stores and server.
    • Extracting and storing the security designated data in respective select content data stores.
    • Activating at least one select content data store to permit access based on access controls.
    • Parsing remainder data not extracted and storing it in respective granular data stores.
    • Withdrawing data from the stores only in the presence of applied access controls.
  • The complaint does not explicitly reserve the right to assert other claims of the ’169 Patent.

Multi-Patent Capsule: U.S. Patent No. 10,182,073

  • Patent Identification: U.S. Patent No. 10,182,073, “Information Infrastructure Management Tools with Variable and Configurable Filters and Segmental Data Stores,” issued January 15, 2019.
  • Technology Synopsis: This patent focuses on creating a data processing infrastructure using a plurality of filters. The system identifies sensitive content based on sensitivity levels, provides secure data stores, and allows for the filters to be dynamically altered or modified (e.g., expanded or contracted) to change how data is organized and processed over time (Compl. ¶¶182-183; ’073 Patent, Abstract).
  • Asserted Claims: At least Claim 1 (Compl. ¶166).
  • Accused Features: The accused systems allegedly infringe by using configurable "protection policies" to identify and extract critical financial data for storage in a secure vault, and by providing user interfaces that allow for the modification of these policies (Compl. ¶¶183, 186).

Multi-Patent Capsule: U.S. Patent No. 10,250,639

  • Patent Identification: U.S. Patent No. 10,250,639, “Information Infrastructure Management Data Processing Tools for Data Flow With Distribution Controls,” issued April 2, 2019.
  • Technology Synopsis: This patent describes a method of "sanitizing" data by processing it through filters to separate sensitive content from non-sensitive "remainder data." The sensitive content is associated with different sensitivity levels and security clearances. The process uses content, contextual, and taxonomic filters to "inference" the data, creating sanitized versions that can be stored securely and reconstructed based on user clearance levels (Compl. ¶¶194, 218; ’639 Patent, Abstract).
  • Asserted Claims: At least Claim 16 (Compl. ¶193).
  • Accused Features: The accused systems are alleged to perform the claimed method by extracting critical customer account data (sensitive content) from the production environment, storing it in a secure vault (sanitizing), and using filters and policies to manage this process (Compl. ¶¶204, 215, 221).

III. The Accused Instrumentality

Product Identification

  • The "Accused Instrumentalities" are identified as the data processing systems and methods that Defendant Origin Bank makes, owns, operates, or uses which are compliant with the "Sheltered Harbor" specification, or provide substantially equivalent functionality (Compl. ¶96).

Functionality and Market Context

  • The complaint alleges that the accused systems implement the Sheltered Harbor standard, an industry-driven initiative for the U.S. financial sector to ensure data resiliency against catastrophic cyberattacks (Compl. ¶63). The core functionality involves nightly backing up of critical customer account data to a secure, immutable, and isolated "data vault" (Compl. ¶¶73, 77). This vault is "air-gapped," meaning it is disconnected from production and backup networks to prevent the propagation of threats (Compl. ¶77, 81).
  • Data is extracted from the production environment, converted to a standard format, encrypted, and replicated to the vault (Compl. ¶70). In the event of a system failure, the vaulted data can be used on a common "restoration platform" to restore customer access to funds and account information (Compl. ¶78). The complaint presents the Dell PowerProtect Cyber Recovery solution as an exemplary system that implements the Sheltered Harbor standard and embodies the accused functionality (Compl. ¶72). A diagram from a Dell Solution Brief illustrates the architecture, showing data extraction from a "Production Environment" and secure replication across an "Air-gap" to a "Data Vault Environment" (Compl. ¶73, p. 32).

IV. Analysis of Infringement Allegations

U.S. Patent No. 9,015,301 Infringement Allegations

Claim Element (from Independent Claim 25) Alleged Infringing Functionality Complaint Citation Patent Citation
A method of organizing and processing data in a distributed computing system... Defendant operates a distributed network of servers and hardware for data processing and vaulting in compliance with Sheltered Harbor. ¶100 col. 3:20-23
providing, in said distributed computing system, a plurality of select content data stores operative with a plurality of designated categorical filters... The accused systems provide a "data vault" with multiple data stores (e.g., for backup, copy, lock, and analysis) that are operative with enterprise-established "protection policies" which act as filters. ¶¶105-107 col. 13:30-38
activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content and associated select content... The systems activate protection policies (filters) to extract critical financial account information (select content) from production data. The extracted information is associated contextually or taxonomically through the use of metadata and tags. ¶¶109-111 col. 13:48-52
storing said aggregated select content for said at least one categorical filter in said corresponding select content data store. The extracted critical account data is aggregated and stored in corresponding storage units or "storage trees" within the secure data vault. ¶¶113-114 col. 13:53-57
for the activated categorical filter, associating at least one data process from the group of data processes including a copy process, a data extract process, a data archive process... The system associates data processes (e.g., backup, which is a copy/archive process) with the filtered content to move it from production to the vault in accordance with Sheltered Harbor requirements. ¶¶116-117 col. 14:1-7
applying the associated data process to a further data input... Once a protection policy is established, all subsequent data inputs are processed in the same way, for example, via nightly backups. ¶¶119, 121 col. 14:8-13
wherein said activating a designated categorical filter encompasses an automatic activation... said automatic activation is time-based, distributed computer system condition-based, or event-based. Processing occurs automatically at a designated time interval (nightly), upon a designated condition (detection of new assets), or based on an event. ¶¶122, 124 col. 14:38-46

Identified Points of Contention

  • Scope Questions: A central question may be whether the term "categorical filters," as described in the patent, can be construed to read on the "protection policies" and "rules" allegedly used in the Sheltered Harbor systems (Compl. ¶¶87-88). The defense may argue that these are distinct technical concepts, while the plaintiff will likely contend they are functionally equivalent.
  • Technical Questions: The complaint alleges that the "data vault" and its components constitute the claimed "plurality of select content data stores" (Compl. ¶106). The court may need to determine if the architecture of the accused systems, which distinguishes between a "Production Environment" and a "Vault Environment" as shown in a system diagram, maps onto the specific claim limitations (Compl. ¶82, p. 36).

U.S. Patent No. 9,734,169 Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
A method of organizing and processing data in a distributed cloud-based computing system... The accused systems are alleged to be optionally implemented on cloud platforms such as AWS, Azure, or Google Cloud. ¶¶131, 133 col. 132:14-18
providing in said distributed cloud-based computing system: (i) a plurality of select content data stores... (ii) a plurality of granular data stores; and (iii) a cloud-based server... The systems provide a secure "data vault" (select content stores) that is isolated from the "production and backup systems" (granular data stores), with operations managed by servers that can be cloud-based. ¶¶137-140 col. 4:1-11
providing a communications network operatively coupling said plurality of select content data stores and cloud-based server. The accused systems include a communications network, which can be an "air-gapped" connection, that couples the production environment, the vault environment, and the controlling servers. ¶¶142-143 col. 4:1-11
extracting and storing said security designated data in respective select content data stores. The systems extract critical financial data and store it in the secure data vault. ¶¶144-145 col. 4:12-14
parsing remainder data not extracted... and storing the parsed data in respective granular data stores. Remainder data that is not extracted is stored in the production and backup systems, which are separate from the vault. A diagram from a Dell solution brief illustrates these separate storage areas (Compl. ¶153, p. 77). ¶¶152-153 col. 4:21-24
withdrawing some or all of said security designated data and said parsed data from said respective data stores only in the presence of said respective access controls applied thereto. Data can only be withdrawn from the vault to the "restoration platform" upon satisfaction of strict security measures, including credentialed access and multi-factor authentication. ¶¶158-159 col. 4:25-29

Identified Points of Contention

  • Scope Questions: The claim requires a "distributed cloud-based computing system." While the complaint alleges cloud implementation is an option (Compl. ¶133), a key question will be whether the specific system operated by Origin Bank is, in fact, "cloud-based" as the term is understood in the patent, or if it is an on-premises system that falls outside the claim's scope.
  • Technical Questions: The claim distinguishes between "select content data stores" and "granular data stores." A factual dispute may arise over whether the accused architecture—which separates a "Data Vault Environment" from a "Production Environment"—truly maps to this claimed structure, or if the technical reality of the data storage is different from what is claimed. The diagram from the Sheltered Harbor Operating Rules illustrates this separation between the "Processing Environment" and the "Air-Gapped Environment" (Compl. ¶101, p. 50).

V. Key Claim Terms for Construction

For the ’301 Patent

  • The Term: "designated categorical filters" (Claim 25)
  • Context and Importance: This term is the central mechanism for identifying the "select content" to be protected. The infringement theory depends on equating this term with the "protection policies," "rules," and "predefined filters" used in Sheltered Harbor-compliant systems to identify "critical account data" (Compl. ¶¶87, 107). The viability of the infringement case may hinge on whether this construction is adopted.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The specification describes a wide range of filters, including "content-based filters, contextual filters and taxonomic classification filters," and states they can be used to enforce various enterprise policies, such as "customer privacy policy, supplier policy, enterprise human resource policy," etc. (’301 Patent, col. 4:3-7; col. 11:58-67). This may support a broad definition covering any rule-based system for data selection.
    • Evidence for a Narrower Interpretation: The detailed description provides specific examples and structures for these filters, such as using a "Knowledge Expander (KE) search engine" to build taxonomic filters or using "tear tagged lines" for contextual filters (’301 Patent, col. 10:22-32; col. 19:8-10). A defendant may argue that the term should be limited to these more complex, specific implementations rather than any generic policy rule.

For the ’169 Patent

  • The Term: "distributed cloud-based computing system" (Claim 1)
  • Context and Importance: This term appears in the preamble but is also cited by the complaint as a key feature of the accused systems (Compl. ¶131, 133). Whether the accused Origin Bank system is "cloud-based" is a threshold infringement question. The definition will determine if on-premises or hybrid systems are covered.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The patent itself does not provide an explicit definition of "cloud-based." The term was added during prosecution, and its scope may be interpreted broadly in line with its general meaning in the art at the time of the invention.
    • Evidence for a Narrower Interpretation: The specification does not use the term "cloud-based." It describes distributed computing using terms like "Internet," "client-server," and "remote storage" (’169 Patent, col. 43:6-44:26). A defendant could argue that the term should be construed in light of these specific network architectures described in the patent, potentially limiting it to systems that rely on public cloud infrastructure rather than private, air-gapped vaults.

VI. Other Allegations

  • Indirect Infringement: The complaint does not contain separate counts for indirect infringement (inducement or contributory infringement). The allegations focus on Defendant's direct infringement through its own making, using, and operating of the accused systems (Compl. ¶¶99, 130).
  • Willful Infringement: The complaint alleges willful infringement for all asserted patents, stating that infringement continued after Defendant had notice of the patents (Compl. ¶¶126, 162, 189, 224). The basis for knowledge is alleged to be, at a minimum, the service of the complaint itself. Plaintiff also alleges, in the alternative, that Defendant has been on notice since at least September 30, 2014, due to prosecution of its own patent applications where the asserted patents or their family members were cited (Compl. ¶227). The complaint further alleges willful blindness based on a purported policy or practice of not reviewing the patents of others (Compl. ¶228).

VII. Analyst’s Conclusion: Key Questions for the Case

This case presents a scenario where patents with early priority dates covering general data security concepts are asserted against a specific, later-developed industry standard. The outcome will likely depend on the court's resolution of several key questions:

  • A core issue will be one of technical translation: Can the patent-specific terminology, such as "categorical filters" and "select content," be persuasively mapped onto the practical components of the Sheltered Harbor financial data vaulting standard, such as "protection policies" and "critical account data"? The dispute may focus on whether the accused systems are merely a modern implementation of the patented concepts or a fundamentally different technological solution to a different problem.
  • A second key question will be one of architectural scope: Do the claims, particularly the "cloud-based" limitation in the ’169 Patent, read on the accused systems which are described as using "air-gapped," isolated, and potentially on-premises data vaults? The interpretation of these foundational terms will be critical in defining the boundaries of infringement.
  • Finally, a significant evidentiary question will be one of timing and intent: Plaintiff alleges that the financial industry took years to develop the Sheltered Harbor standard, suggesting the patented inventions were non-obvious solutions to long-felt needs (Compl. ¶29). Conversely, the fact that the standard was developed years after the patents' priority date without any apparent reference to them may support a defense of independent invention and non-infringement, turning the focus to the specific implementation details and whether they were actually taught by the patents.