DCT
2:24-cv-00317
DigitalDoors Inc v. PNC Bank NA
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: DigitalDoors, Inc. (Florida)
- Defendant: PNC Bank, N.A. (Pennsylvania)
- Plaintiff’s Counsel: Garteiser Honea, PLLC
- Case Identification: 2:24-cv-00317, E.D. Tex., 05/02/2024
- Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas because Defendant maintains a regular and established business presence in the district, including physical branch locations, and specifically targets customers there.
- Core Dispute: Plaintiff alleges that Defendant’s data backup and disaster recovery systems, particularly those compliant with the "Sheltered Harbor" industry standard, infringe four patents related to methods for securely identifying, extracting, storing, and managing sensitive data in a distributed computing environment.
- Technical Context: The technology at issue addresses secure data vaulting for disaster recovery, a critical function for the financial services industry in an era of heightened cybersecurity threats and stringent regulatory requirements.
- Key Procedural History: The complaint alleges Defendant had pre-suit knowledge of the patents-in-suit as early as September 30, 2014, due to their citation during the prosecution of Defendant's own patent applications, a fact which may become central to the plaintiff's allegations of willful infringement.
Case Timeline
| Date | Event |
|---|---|
| 2007-01-05 | Earliest Priority Date for all Patents-in-Suit |
| 2014-09-30 | Alleged Date of Pre-Suit Notice to Defendant |
| 2015-04-21 | U.S. Patent No. 9,015,301 Issued |
| 2015-01-01 | "Sheltered Harbor" Initiative Launched (approx.) |
| 2017-08-15 | U.S. Patent No. 9,734,169 Issued |
| 2019-01-15 | U.S. Patent No. 10,182,073 Issued |
| 2019-04-02 | U.S. Patent No. 10,250,639 Issued |
| 2024-05-02 | Complaint Filed |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 9,015,301
- Patent Identification: U.S. Patent No. 9,015,301, "Information Infrastructure Management Tools With Extractor, Secure Storage, Content Analysis And Classification And Method Therefor," issued April 21, 2015.
- The Invention Explained:
- Problem Addressed: The patent describes a technical landscape where enterprises operated in "open ecosystems" vulnerable to security breaches and were unable to effectively manage or classify sensitive content within both structured and unstructured data files, particularly as the sensitivity of that data changed over its lifecycle (’301 Patent, col. 1:31-38, 2:3-27, 2:28-61).
- The Patented Solution: The invention provides a method and system for organizing and processing data in a distributed system by using a set of "categorical filters" (e.g., content-based, contextual, taxonomic) to identify and obtain "select content" from a data input. Once identified, this select content is associated with a data process (such as copying, archiving, or extracting) and stored in a corresponding data store. This allows for granular, policy-based control over sensitive information, moving beyond simple file-level security. (’301 Patent, Abstract; col. 3:17-4:35).
- Technical Importance: This content-centric approach to data security represented a shift from managing data files to managing the information itself, enabling more sophisticated and flexible data protection policies. (Compl. ¶29).
- Key Claims at a Glance:
- The complaint asserts at least independent claim 25. (Compl. ¶99).
- Essential Elements of Claim 25 (Method):
- Providing a distributed computing system with a plurality of select content data stores and designated categorical filters.
- Activating at least one categorical filter and processing a data input through it to obtain select content.
- The obtained select content is contextually or taxonomically associated.
- Storing the aggregated select content in a corresponding data store.
- Associating at least one data process (from a group including copy, extract, archive, distribution, and destruction) with the activated filter.
- Applying the associated data process to a further data input based on the results of that further data being processed by the filter.
- The filter activation is automatic or manual, and can be time-based, condition-based, or event-based.
U.S. Patent No. 9,734,169
- Patent Identification: U.S. Patent No. 9,734,169, "Digital Information Infrastructure and Method for Securing Designated Data and With Granular Data Stores," issued August 15, 2017.
- The Invention Explained:
- Problem Addressed: The patent addresses the need to secure designated data within a distributed computing system by separating sensitive information from non-sensitive information and storing it in different, access-controlled locations to enhance security. (’169 Patent, col. 1:50-65).
- The Patented Solution: The invention describes a method for a distributed, cloud-based system that provides different types of data stores: "select content data stores" for security-designated data and "granular data stores" for other data. The system extracts the sensitive data, stores it securely with access controls, and then parses the "remainder data" for separate storage. This bifurcated storage approach makes it more difficult for an unauthorized party to access the complete, sensitive information. (’169 Patent, Abstract; col. 3:28-4:26).
- Technical Importance: This method provides an architectural solution for data security by physically or logically separating sensitive data fragments, enhancing resilience against breaches compared to systems where all data is co-located. (Compl. ¶53).
- Key Claims at a Glance:
- The complaint asserts at least independent claim 1. (Compl. ¶130).
- Essential Elements of Claim 1 (Method):
- Providing a distributed cloud-based system with: a plurality of select content data stores for security-designated data, a plurality of granular data stores, and a cloud-based server, with access controls at each select content data store.
- Providing a communications network coupling the stores and the server.
- Extracting and storing the security-designated data in the select content data stores.
- Activating at least one select content data store to permit access based on applying access controls.
- Parsing "remainder data" not extracted from the processed data.
- Storing the parsed remainder data in the granular data stores.
- Withdrawing data from the stores only when the respective access controls are applied.
Multi-Patent Capsule: U.S. Patent No. 10,182,073
- Patent Identification: U.S. Patent No. 10,182,073, "Information Infrastructure Management Tools With Variable And Configurable Filters And Segmental Data Stores," issued January 15, 2019.
- Technology Synopsis: This patent focuses on creating a data processing infrastructure that uses an initial set of filters to identify sensitive and select content. A key aspect of the invention is the subsequent step of altering or modifying these filters (e.g., by expanding or contracting their scope) and then generating new, modified filters to organize further data throughput. (’073 Patent, Abstract).
- Asserted Claims: At least independent claim 1. (Compl. ¶166).
- Accused Features: The complaint alleges that PNC's data vaulting systems, which use configurable and modifiable "protection policies" to define the data to be extracted and vaulted, infringe this patent. (Compl. ¶182-183, 185).
Multi-Patent Capsule: U.S. Patent No. 10,250,639
- Patent Identification: U.S. Patent No. 10,250,639, "Information Infrastructure Management Data Processing Tools For Data Flow With Distribution Controls," issued April 2, 2019.
- Technology Synopsis: This patent describes a method for "sanitizing" data by extracting sensitive content based on a plurality of sensitivity levels, each with an associated security clearance. The system extracts sensitive data and stores it in a secure location, leaving "remainder data." It then uses content, contextual, and taxonomic filters to "inference" the sanitized data, providing a way to analyze or use data from which sensitive information has been removed. (’639 Patent, Abstract).
- Asserted Claims: At least independent claim 16. (Compl. ¶193).
- Accused Features: The accused systems allegedly infringe by extracting "critical account information" (sensitive content) for secure storage in a data vault, thereby creating sanitized versions of data, and using filters to manage and process this data. (Compl. ¶215, 218).
III. The Accused Instrumentality
- Product Identification: The "Accused Instrumentalities" are identified as systems and methods used by PNC for processing data in a distributed system that are either compliant with the "Sheltered Harbor" specification or provide "substantially equivalent functionality." (Compl. ¶96).
- Functionality and Market Context: The complaint alleges the accused systems provide secure data vaulting for disaster recovery, a critical industry standard for financial institutions. The core functionality involves extracting "critical customer account data," converting it to a standard format, and storing it in a secure, immutable, and isolated "data vault." (Compl. ¶63, 70, 77). This process is allegedly managed through "protection policies" that define what data to back up and how. (Compl. ¶88). The complaint includes a diagram illustrating the Dell PowerProtect Cyber Recovery for Sheltered Harbor architecture, which shows a "Production Environment" where data is extracted and a separate, air-gapped "Data Vault Environment" where replicated data is stored and processed. (Compl. ¶73, p. 32). This architecture is designed to protect critical data from cyberattacks and ensure it can be restored to maintain business continuity. (Compl. ¶65, 74).
IV. Analysis of Infringement Allegations
U.S. Patent No. 9,015,301 Infringement Allegations
| Claim Element (from Independent Claim 25) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| a method of organizing and processing data in a distributed computing system having select content important to an enterprise... | PNC, the enterprise, operates a distributed system to manage and protect critical customer account data (select content). | ¶100, 102 | col. 13:25-31 |
| providing, in said distributed computing system, a plurality of select content data stores operative with a plurality of designated categorical filters... | The accused Sheltered Harbor system provides a "data vault" (data stores) intended to house content derived from designated "protection policies" (categorical filters) established by the enterprise. A diagram shows multiple data stores, including Backup, Copy, Lock, and Analyze within the vault. | ¶105-107; p. 53 | col. 13:32-40 |
| activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content and associated select content... which associated select content is at least one of contextually associated select content and taxonomically associated select content... | The system activates "protection policies" to filter data for vaulting. This filtering is allegedly based on contextual or taxonomic associations, such as grouping assets using metadata tags (e.g., tags related to a "finance department"). | ¶109-111 | col. 13:41-48 |
| storing said aggregated select content for said at least one categorical filter in said corresponding select content data store; | The system stores the extracted critical account data in corresponding storage units or "data trees" within the data vault. | ¶113-114 | col. 13:49-51 |
| associating at least one data process from the group of data processes including a copy process, a data extract process, a data archive process, a data distribution process and a data destruction process. | Compliant systems associate data processes like backup (copy/archive) with the selected content to move it to the data vault in accordance with Sheltered Harbor's technical requirements. | ¶116-117 | col. 13:52-58 |
| applying the associated data process to a further data input based upon a result of said further data being processed by said activated categorical filter... | Once a protection policy is established, all subsequent data inputs matching the filter are processed in the same way (e.g., nightly backups). | ¶119, 121 | col. 13:59-63 |
| activating a designated categorical filter, which encompasses an automatic activation... and said automatic activation is time-based, distributed computer system condition-based, or event-based. | Processing occurs automatically at a designated time interval (e.g., "each night"), upon a designated condition (e.g., "when new assets are detected"), or event. | ¶122, 124 | col. 14:1-5 |
U.S. Patent No. 9,734,169 Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| a method of organizing and processing data... in a distributed cloud-based computing system... | The accused systems are allegedly implemented as cloud-based or in cloud-compatible architectures (e.g., on AWS, Azure, Google Cloud). | ¶131, 133 | col. 132:15-16 |
| providing... (i) a plurality of select content data stores for respective ones of a plurality of security designated data; and (ii) a plurality of granular data stores; and (iii) a cloud-based server, each select content data store having respective access controls thereat. | The Sheltered Harbor architecture includes a secure "data vault" (select content data stores) and a "production environment" with backup systems (granular data stores), with access to the vault controlled by security credentials and multi-factor authentication. | ¶137-141 | col. 132:17-23 |
| extracting and storing said security designated data in respective select content data stores. | The system extracts critical financial account data and stores it in the secure data vault. The complaint provides a diagram from a Dell Solution Brief showing this data extraction and storage process. | ¶144-145; p. 105 | col. 132:27-29 |
| activating at least one of said select content data stores...thereby permitting access to said select content data stores...based upon an application of one or more of said access controls thereat. | Access to the data vault is permitted only upon satisfaction of strict security measures, such as credentialed access and multi-factor authentication. | ¶149-150 | col. 132:30-34 |
| parsing remainder data not extracted from data processed by said cloud-based system and storing the parsed data in respective granular data stores. | Data not extracted for the vault remains in the production and backup systems (granular data stores). A diagram from the Dell PowerProtect Solution Brief is referenced to show production workloads stored separately from the cyber recovery vault. | ¶152-153; p. 78 | col. 132:35-38 |
| withdrawing some or all of said security designated data and said parsed data from said respective data stores only in the presence of said respective access controls applied thereto. | Data is withdrawn from the vault to a "restoration platform" only upon satisfaction of strict security and access controls. | ¶158-159 | col. 132:42-46 |
- Identified Points of Contention:
- Scope Questions: A central issue may be whether the term "categorical filters" as described in the ’301 patent (e.g., content, contextual, taxonomic) can be construed to read on the "protection policies" and "dynamic filters" alleged to be used by the accused systems. Similarly, for the ’169 patent, the scope of "distributed cloud-based computing system" will be at issue, as the accused systems are described as deployable on-premises, in a hybrid environment, or in a public cloud. (Compl. ¶73, 133).
- Technical Questions: The infringement theory relies on mapping the architecture of the industry-standard "Sheltered Harbor" framework onto the specific claim elements. This raises the evidentiary question of whether the accused systems implemented by PNC actually perform each of the claimed steps—such as "parsing remainder data" or "inferencing... sanitized data"—in the manner required by the claims, or if there are material operational differences between the patented methods and the accused disaster recovery systems.
V. Key Claim Terms for Construction
The Term: "categorical filters" (’301 Patent, Claim 25)
Context and Importance: This term is foundational to the infringement allegation against the ’301 patent. The complaint equates this term with the "protection policies" used in Sheltered Harbor-compliant systems to identify critical data for vaulting. (Compl. ¶105, 107). The viability of the infringement case will depend heavily on whether this interpretation is adopted.
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The specification states that "designated categorical filters are used to store select content relative to the category in certain SC stores" and lists a wide range of enterprise policies that could inform these filters, such as customer privacy, financial data handling, and legal compliance. (’301 Patent, col. 11:53-67). This may support an argument that the term encompasses any policy-based rule for selecting data.
- Evidence for a Narrower Interpretation: The summary of the invention and detailed description repeatedly refer to specific types of filters, such as "content-based filters, contextual filters and taxonomic classification filters." (’301 Patent, col. 3:39-41). A defendant may argue that the term should be limited to these specific, enumerated types of analytical filters, rather than any general-purpose business rule.
The Term: "parsing remainder data" (’169 Patent, Claim 1)
Context and Importance: The claim requires that data not extracted is then "parsed" and stored separately. The complaint alleges this is met by the accused system's architecture, where non-extracted data remains in the production environment. (Compl. ¶152-153). Whether simply leaving data in its original location and format constitutes "parsing" and "storing" as claimed will be a key dispute.
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The patent does not appear to provide an explicit definition of "parsing." A plaintiff might argue for its plain and ordinary meaning, which could be as simple as analyzing or resolving data into its components, a process that arguably occurs during routine backup operations in the production environment.
- Evidence for a Narrower Interpretation: The specification describes a system for splitting a document "into granular parts for security and other reasons," which suggests an active process of breaking data down. (’169 Patent, col. 17:58-62). A defendant may argue that "parsing" requires more than simply not extracting the data; it requires an affirmative act of processing or segmenting the "remainder data" that does not occur in the accused systems.
VI. Other Allegations
- Willful Infringement: The complaint alleges that Defendant has been on notice of the patents-in-suit since at least September 30, 2014, "by virtue of patent prosecution arguments made in the United States Patent and Trademark Office during prosecution of Defendant's own patent applications," which allegedly cited the asserted patents. (Compl. ¶227). It further alleges that Defendant has a policy of "willfully blind[ing]" itself to the patent rights of others. (Compl. ¶228).
VII. Analyst’s Conclusion: Key Questions for the Case
- Definitional Scope: A core issue will be one of definitional scope: can the term "categorical filter," which the patents describe with specific examples like taxonomic and contextual analysis, be construed broadly enough to read on the "protection policies" used in modern, industry-standard disaster recovery systems like those compliant with Sheltered Harbor? The outcome of this question may determine whether a system developed years after the patent's priority date infringes.
- Architectural Mapping: A central evidentiary question will be one of architectural mapping: does the accused two-part "Production Environment" and "Data Vault" architecture, as described in the complaint, actually perform the specific steps of the asserted method claims, such as the affirmative "parsing and storing" of "remainder data" required by the '169 patent, or is there a fundamental mismatch in technical operation?
- Pre-Suit Knowledge and Willfulness: The allegation that Defendant was on notice of the patents-in-suit due to their citation during the prosecution of its own patents creates a significant question regarding pre-suit knowledge and potential willfulness. The case may turn on evidence of what Defendant knew, what internal policies it had regarding the intellectual property of others, and whether its actions following this alleged notice were objectively reckless.