DCT
2:24-cv-00320
DigitalDoors Inc v. Umb Bank NA
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: DigitalDoors, Inc. (Florida)
- Defendant: UMB Bank, N.A. (Missouri)
- Plaintiff’s Counsel: Garteiser Honea, PLLC
- Case Identification: 2:24-cv-00320, E.D. Tex., 05/02/2024
- Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas because Defendant maintains a regular and established business presence in the district, including physical bank locations, and specifically targets customers there.
- Core Dispute: Plaintiff alleges that Defendant’s data backup and disaster recovery systems, particularly those compliant with the Sheltered Harbor financial industry standard, infringe four patents related to methods for filtering, organizing, securing, and storing sensitive data in distributed computing systems.
- Technical Context: The technology concerns secure data vaulting for disaster recovery, a critical function in the financial services industry for protecting sensitive customer account information from catastrophic cyberattacks and ensuring operational continuity.
- Key Procedural History: The complaint alleges that the asserted patents are pioneering and and have been cited as relevant prior art in hundreds of subsequent U.S. patent applications from major technology and financial companies. It also alleges Defendant had pre-suit notice of the patents through citations made during the prosecution of its own, unrelated patent applications.
Case Timeline
| Date | Event |
|---|---|
| 2007-01-05 | Earliest Priority Date for all Patents-in-Suit |
| 2014-09-30 | Alleged date of Defendant's pre-suit notice of patents |
| 2015-01-01 | Sheltered Harbor initiative launched |
| 2015-04-21 | U.S. Patent No. 9,015,301 Issued |
| 2017-08-15 | U.S. Patent No. 9,734,169 Issued |
| 2019-01-15 | U.S. Patent No. 10,182,073 Issued |
| 2019-04-02 | U.S. Patent No. 10,250,639 Issued |
| 2024-05-02 | Complaint Filing Date |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 9,015,301 - “Information Infrastructure Management Tools with Extractor, Secure Storage, Content Analysis and Classification and Method Therefor,” Issued April 21, 2015
The Invention Explained
- Problem Addressed: The patent’s background describes deficiencies in prior art data management, including an inability to manage unstructured content, inefficiently classify sensitive data, secure vulnerable "open ecosystems," and address the changing sensitivity of information over its lifecycle (’301 Patent, col. 1:31-2:61).
- The Patented Solution: The invention proposes a method of organizing and processing data by moving beyond file-level security to content-level security. It uses a system of designated "categorical filters" to process a data input, identify and obtain "select content" based on predefined rules, and store that aggregated content in corresponding secure data stores. The system then associates specific data processes (e.g., copy, archive, extract) with the filtered content and applies those processes to subsequent data inputs, allowing for automated and policy-driven data management (’301 Patent, Abstract; col. 3:17-4:35).
- Technical Importance: The complaint alleges this approach was an unconventional shift in information management, focusing on the data content itself rather than the files containing it (Compl. ¶28).
Key Claims at a Glance
- The complaint asserts at least independent claim 25 (Compl. ¶99).
- Claim 25 of the ’301 Patent recites a method of organizing and processing data, including the elements of:
- Providing a plurality of select content data stores operative with a plurality of designated categorical filters.
- Activating at least one filter and processing a data input to obtain select content and associated select content (which is contextually or taxonomically associated).
- Storing the aggregated select content in a corresponding data store.
- Associating a data process (from a group including copy, extract, archive, distribution, and destruction) with the activated filter.
- Applying the associated data process to a further data input.
- Activating the filter via an automatic or manual activation, where automatic activation is time-based, condition-based, or event-based.
- The complaint’s prayer for relief is broad, suggesting the right to assert additional claims is reserved (Compl. p. 114-115).
U.S. Patent No. 9,734,169 - “Digital Information Infrastructure and Method for Securing Designated Data and With Granular Data Stores,” Issued August 15, 2017
The Invention Explained
- Problem Addressed: The patent addresses the need for secure data management in distributed computing systems, particularly in "open" enterprise environments where data is vulnerable to unauthorized access (’169 Patent, col. 1:63-2:20).
- The Patented Solution: The invention describes a method for a distributed, cloud-based system that separates sensitive data from non-sensitive data. The system extracts "security designated data" and stores it in secure "select content data stores" (like a vault), while parsing the "remainder data" and storing it in separate "granular data stores" (like production systems). Access to the sensitive data is strictly controlled, and the system provides for withdrawing data for restoration only when authorized (’169 Patent, Abstract).
- Technical Importance: This patent applies the core data-separation and content-filtering concepts to a cloud-based architecture, addressing security challenges inherent in remote and distributed data storage.
Key Claims at a Glance
- The complaint asserts at least independent claim 1 (Compl. ¶130).
- Claim 1 of the ’169 Patent recites a method for organizing and processing data in a distributed cloud-based system, including the elements of:
- Providing select content data stores, granular data stores, and a cloud-based server.
- Providing a communications network coupling these components.
- Extracting and storing security designated data in the select content data stores.
- Activating a data store to permit access based on access controls.
- Parsing remainder data not extracted and storing it in the granular data stores.
- Parsing and storing the remainder data randomly or according to a predetermined algorithm.
- Withdrawing the security designated data and parsed data from their respective stores only when access controls are applied.
- The complaint’s prayer for relief suggests the right to assert additional claims is reserved (Compl. p. 114-115).
Multi-Patent Capsule: U.S. Patent No. 10,182,073
- Patent Identification: U.S. Patent No. 10,182,073, “Information Infrastructure Management Tools with Variable and Configurable Filters and Segmental Data Stores,” Issued January 15, 2019.
- Technology Synopsis: This patent focuses on an information infrastructure that processes data using a plurality of filters. A key aspect is that the initially configured filters can be dynamically altered by expanding, contracting, or changing the classification of the content being filtered. The system then generates modified filters based on these alterations to organize further data throughput (’073 Patent, Abstract; col. 132:9-21).
- Asserted Claims: At least Claim 1 (Compl. ¶166).
- Accused Features: The complaint alleges that Sheltered Harbor-compliant systems, such as the Dell PowerProtect system, provide user interfaces that allow an enterprise to define, run, and modify existing protection policies, which allegedly corresponds to the claimed altering and generating of modified filters (Compl. ¶183, 185). A screenshot from a Dell instructional video shows a user interface for selecting and modifying filter options for generating reports (Compl. p. 94).
Multi-Patent Capsule: U.S. Patent No. 10,250,639
- Patent Identification: U.S. Patent No. 10,250,639, “Information Infrastructure Management Data Processing Tools for Processing Data Flow with Distribution Controls,” Issued April 2, 2019.
- Technology Synopsis: This patent describes a method for "sanitizing" data by processing it through a system with multiple sensitivity levels, each with an associated security clearance. The method involves extracting sensitive content and remainder data, storing them in respective secure stores, and then "inferencing" the sanitized data using content, contextual, and taxonomic filters to obtain refined results (’639 Patent, Abstract).
- Asserted Claims: At least Claim 16 (Compl. ¶193).
- Accused Features: The complaint maps this patent to the alleged use of priority filters, security levels, and access controls in the accused systems to manage and protect sensitive financial data. The "inferencing" element is alleged to be met by content scanning and data analytics performed by compliant systems (Compl. ¶198, 218, 221).
III. The Accused Instrumentality
- Product Identification: The "Accused Instrumentalities" are identified as systems and methods used by UMB for processing and backing up data, which are allegedly compliant with the "Sheltered Harbor" specification or are functionally equivalent (Compl. ¶96). The complaint frequently uses Dell's "PowerProtect Cyber Recovery" solution as a specific, exemplary embodiment of a Sheltered Harbor-compliant system (Compl. ¶72).
- Functionality and Market Context: The Sheltered Harbor specification is described as an industry-driven initiative launched in 2015 to enhance the U.S. financial system's resilience to cyberattacks (Compl. ¶63). Its core functionality involves extracting critical customer account data, converting it to a standard format, and storing it in a secure, immutable, and isolated "data vault" that is "air-gapped" from production and backup networks (Compl. ¶70, 77). The vault protects data from alteration or deletion and allows for restoration of critical banking services after a catastrophic event (Compl. ¶71, 76). The complaint includes a diagram illustrating the architecture of a Sheltered Harbor solution, showing a "Production Environment" where data is extracted and a separate, air-gapped "Data Vault Environment" where data is replicated and secured (Compl. p. 32). UMB is alleged to use such systems for regulatory compliance and to protect its business goodwill (Compl. ¶9, 17).
IV. Analysis of Infringement Allegations
9,015,301 Infringement Allegations
| Claim Element (from Independent Claim 25) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| a method of organizing and processing data in a distributed computing system having select content important to an enterprise... | Defendant’s data backup and recovery systems, which manage critical customer financial account data for the UMB enterprise. | ¶100, 102 | col. 13:28-34 |
| providing... a plurality of select content data stores operative with a plurality of designated categorical filters... | The accused systems provide a "data vault" with designated storage units, which operate with "protection policies" that allegedly function as the claimed categorical filters. | ¶105, 107 | col. 13:35-42 |
| activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content... | Activating the protection policies to extract critical financial account data from the data stream for protective vaulting. | ¶109-110 | col. 13:43-51 |
| storing said aggregated select content for said at least one categorical filter in said corresponding select content data store... | Storing the extracted critical account data in the corresponding storage units within the secure data vault. | ¶113-114 | col. 13:52-55 |
| associating at least one data process from the group of data processes including a copy process, a data extract process, a data archive process... | The protection policies associate specific actions (e.g., backup, copy, archive) with the filtered data to be vaulted. | ¶116-117 | col. 13:56-62 |
| applying the associated data process to a further data input... | Once a protection policy is established, it is automatically applied to all subsequent data inputs, such as nightly backups. | ¶119-121 | col. 13:63-67 |
| activating a designated categorical filter, which encompasses an automatic activation... said automatic activation is time-based... or event-based. | The accused systems allegedly perform data backups automatically on a designated time interval (e.g., "each night") in accordance with the Sheltered Harbor standard. | ¶122, 124 | col. 14:1-6 |
- Identified Points of Contention:
- Scope Questions: A central question may be whether the "protection policies" of a modern disaster recovery system, which may apply to entire datasets (e.g., all VMs with a "finance" tag), constitute the "categorical filters" described in the patent. The defense may argue that the patent teaches a more granular, content-aware filtering (e.g., based on keywords, context, taxonomy) that is distinct from the alleged functionality.
- Technical Questions: The complaint's theory relies on mapping the Sheltered Harbor standard to the claims. A key factual question will be what UMB’s system actually does. For example, what evidence does the complaint provide that the system performs the specific step of "associating at least one data process" and then "applying" that same process to a "further data input" in the manner claimed, as opposed to simply performing a recurring backup job?
9,734,169 Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| a method of organizing and processing data in a distributed cloud-based computing system... | The accused systems are alleged to be optionally implemented in cloud environments like AWS, Azure, or Google Cloud. | ¶131, 133 | col. 132:15-19 |
| providing... (i) a plurality of select content data stores... (ii) a plurality of granular data stores; and (iii) a cloud-based server... | Allegedly, the "data vault" serves as the select content data stores, the production/backup systems serve as the granular data stores, and the system is deployed on cloud servers. | ¶137-141 | col. 132:20-27 |
| providing a communications network operatively coupling said plurality of select content data stores and cloud-based server... | The network that operatively couples the production environment and the isolated data vault, which includes a logical "air-gapped" connection. | ¶142-143 | col. 132:28-31 |
| extracting and storing said security designated data in respective select content data stores... | The process of extracting critical account information and storing it within the secure data vault. | ¶144-145 | col. 132:32-35 |
| activating at least one of said select content data stores... thereby permitting access... based upon an application of one or more of said access controls... | The data vault is allegedly safeguarded by security measures, including multi-factor authentication and credential-controlled access. | ¶149-150 | col. 132:36-41 |
| parsing remainder data not extracted... and storing the parsed data in respective granular data stores... | Data not identified as critical remains in the production and backup systems, outside the secure vault. The complaint highlights a diagram showing "Backup Workloads" in the production "Data Center" (Compl. p. 71). | ¶152-153 | col. 132:42-45 |
| withdrawing some or all of said security designated data and said parsed data from said respective data stores only in the presence of said respective access controls... | Restoration of vaulted data to the production environment is permitted only after satisfying strict security protocols and access controls. | ¶158-160 | col. 132:49-53 |
- Identified Points of Contention:
- Scope Questions: The claim requires a "cloud-based computing system." The defense may argue that an on-premise, air-gapped data vault, even if managed by cloud-like software, does not meet the common understanding of a "cloud-based" system, raising a question of claim scope.
- Technical Questions: What is the specific mechanism by which "remainder data" is "parsed"? The complaint alleges this is simply the data left behind in production systems. The defense may argue that this is not an active step of "parsing and storing" as required by the claim, but rather an omission of data from the vaulting process.
V. Key Claim Terms for Construction
The Term: "categorical filters" (from ’301 Patent, Claim 25)
Context and Importance: This term is foundational to the infringement theory for the ’301 patent. Its construction will determine whether the "protection policies" and rule-based systems described in the complaint fall within the scope of the claims. Practitioners may focus on this term because the defendant will likely argue that its system performs high-level data backup based on asset properties (like tags or location), not the granular, content-based filtering detailed in the patent.
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The patent states that designated filters are used for enterprise policies such as "level of service policy, customer privacy policy, supplier privacy policy," and various regulatory policies (’301 Patent, col. 4:15-24). This language could support an interpretation that covers the high-level data protection policies of the accused systems.
- Evidence for a Narrower Interpretation: The specification provides numerous specific examples of filters, including "content-based filters, contextual filters, and taxonomic classification filters" (’301 Patent, col. 13:38-40) and describes a "knowledge expander" search engine used to build them (’301 Patent, col. 10:22-32). This could support a narrower construction limited to filters that perform semantic or contextual analysis of the data's content.
The Term: "parsing remainder data" (from ’169 Patent, Claim 1)
Context and Importance: This step is a key differentiator in the claimed method. Infringement requires that the accused system affirmatively "parses" and "stores" the data that is not extracted into the secure vault. The defendant may argue that its system simply copies select data to the vault and does nothing to the "remainder," meaning this claim element is not met.
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The patent abstract describes the invention as separating data into "See-D data" (secure) and "granular data," implying that any data not designated as secure becomes, by definition, the "granular data" (or "remainder") that is handled separately. This may support an argument that the act of separation implicitly constitutes the claimed step.
- Evidence for a Narrower Interpretation: The claim uses the active verbs "parsing" and "storing." The patent describes parsing as a process that can involve breaking down data into its constituent parts (’169 Patent, col. 15:37-41). This may support an interpretation requiring an active manipulation or re-formatting of the remainder data, not just leaving it untouched in its original location.
VI. Other Allegations
- Indirect Infringement: The complaint does not contain separate counts for induced or contributory infringement, focusing instead on allegations of direct infringement by Defendant making, using, and controlling the accused systems (Compl. ¶99, 130, 166, 193).
- Willful Infringement: The complaint alleges willfulness on two grounds. First, it alleges that Defendant's infringement continued after it received notice of the patents via the service of the complaint (Compl. ¶126, 162, 189, 224). Second, in a dedicated count, it alleges pre-suit knowledge since at least September 30, 2014, based on the asserted patents being cited during the prosecution of Defendant's own patent applications. The complaint further alleges that Defendant has a policy or practice of "willfully blind[ing]" itself to the patent rights of others (Compl. ¶227-228).
VII. Analyst’s Conclusion: Key Questions for the Case
- A core issue will be one of definitional scope: can the term "categorical filter," described in the patents with specific taxonomic and contextual analysis functions, be construed to cover the high-level "protection policies" and "tag-based rules" used in modern data vaulting systems like the accused Sheltered Harbor-compliant instrumentalities?
- A second central question will be one of technical mapping: does the accused data backup architecture, which is designed to create isolated, immutable copies of entire datasets for disaster recovery, actually perform the specific, multi-step claimed methods of actively "extracting" sensitive content, "parsing remainder data," and "storing" them in separate locations as taught in the patents, or is there a fundamental mismatch in technical operation?
- Finally, a key question for willfulness and damages will be one of pre-suit knowledge: can Plaintiff establish that Defendant had actual knowledge of the asserted patents based on their citation during the prosecution of its own unrelated patents, and does this rise to the level of conduct required for a finding of willful infringement?