DCT

2:24-cv-00781

DigitalDoors Inc v. First Foundation Bank

Log In
Key Events
Complaint
complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 2:24-cv-00781, E.D. Tex., 09/25/2024
  • Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas because Defendant maintains a regular and established business presence in the district, including physical branch locations, and specifically targets customers within the district for its financial services.
  • Core Dispute: Plaintiff alleges that Defendant’s data backup and disaster recovery systems, which are asserted to be compliant with the financial industry’s "Sheltered Harbor" standard, infringe four patents related to methods for securely identifying, extracting, storing, and managing sensitive data in distributed computing environments.
  • Technical Context: The technology concerns systems for data security and survivability, particularly for protecting critical information from cyberattacks by isolating sensitive data in secure, air-gapped storage vaults—a practice of significant importance to the financial services industry.
  • Key Procedural History: The complaint asserts that the patents-in-suit are "pioneering" and have been cited as prior art in hundreds of subsequent patent applications by major technology and financial services companies. No prior litigation, licensing history, or post-grant proceedings for the asserted patents are mentioned in the complaint.

Case Timeline

Date Event
2007-01-05 Earliest Priority Date for all Patents-in-Suit
2015-04-21 U.S. Patent No. 9,015,301 Issued
2015-01-01 Sheltered Harbor Initiative Launched (Accused Standard)
2017-08-15 U.S. Patent No. 9,734,169 Issued
2019-01-15 U.S. Patent No. 10,182,073 Issued
2019-04-02 U.S. Patent No. 10,250,639 Issued
2024-09-25 Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 9,015,301 - "Information Infrastructure Management Tools with Extractor, Secure Storage, Content Analysis and Classification and Method Therefor"

The Invention Explained

  • Problem Addressed: The patent’s background describes the difficulty enterprises faced in managing and securing sensitive information scattered across both structured and unstructured data formats, particularly within "open ecosystems" where many users have access (Compl. ¶28; ’301 Patent, col. 1:60-2:8). Conventional, file-based security was deemed inadequate for managing information at the more granular content level (Compl. ¶28; ’301 Patent, col. 1:31-38).
  • The Patented Solution: The invention proposes a method of organizing and processing data by using a system of filters (e.g., categorical, contextual, taxonomic) to automatically identify and extract specific, important data ("select content") from a larger data stream. This select content is then stored in designated secure data stores, and specific data processes (like copying or archiving) are associated with it, allowing for granular, content-based security and management rather than file-based control (Compl. ¶27; ’301 Patent, Abstract; ’301 Patent, col. 3:17-4:35).
  • Technical Importance: This approach represented a shift from managing entire data files to managing the sensitive content within those files, enabling more sophisticated and automated data security policies for disaster recovery and information control (Compl. ¶12).

Key Claims at a Glance

  • The complaint asserts infringement of at least independent claim 25 (’301 Patent, col. 131:38-132:20; Compl. ¶99).
  • The essential elements of Claim 25 include:
    • Providing a plurality of select content data stores operative with a plurality of designated categorical filters.
    • Activating at least one filter and processing a data input through it to obtain "select content" and "associated select content."
    • Storing the resulting "aggregated select content" in a corresponding data store.
    • Associating at least one data process (e.g., copy, extract, archive) with the activated filter.
    • Applying that data process to a subsequent data input processed by the filter.
    • The activation of the filter can be automatic (time-based, condition-based, or event-based) or manual.
  • The complaint does not explicitly reserve the right to assert dependent claims for the ’301 Patent.

U.S. Patent No. 9,734,169 - "Digital Information Infrastructure and Method for Securing Designated Data and With Granular Data Stores"

The Invention Explained

  • Problem Addressed: The patent addresses the need for secure data management in distributed, cloud-based computing systems where sensitive data must be protected but accessible under strict controls. The challenge lies in separating highly sensitive data for secure storage while managing the less sensitive "remainder" data. (’169 Patent, col. 2:3-13).
  • The Patented Solution: The invention describes a cloud-based system that uses filters to extract security-designated data and store it in a plurality of secure "select content data stores." The non-extracted "remainder data" is parsed and stored separately in "granular data stores." A cloud-based server manages access controls for the secure data, ensuring it can only be withdrawn when proper authorization is present, thereby isolating the most critical information. (’169 Patent, Abstract; ’169 Patent, col. 3:28-4:1).
  • Technical Importance: The patent provides a specific architecture for enhancing data security in a cloud environment by physically or logically separating data based on sensitivity into different storage locations governed by distinct access controls (Compl. ¶131, ¶137).

Key Claims at a Glance

  • The complaint asserts infringement of at least independent claim 1 (’169 Patent, col. 131:13-132:4; Compl. ¶130).
  • The essential elements of Claim 1 include:
    • Providing a distributed cloud-based system with (i) select content data stores, (ii) granular data stores, and (iii) a cloud-based server.
    • Coupling these components via a communications network.
    • Extracting and storing security-designated data in the select content data stores.
    • Activating a select content data store to permit access based on applied access controls.
    • Parsing the "remainder data" (not extracted) and storing it in the granular data stores.
    • Parsing and storing the remainder data can be done randomly or according to a predetermined algorithm.
    • Withdrawing data from any store is only permitted when the respective access controls are applied.
  • The complaint does not explicitly reserve the right to assert dependent claims for the ’169 Patent.

U.S. Patent No. 10,182,073 - "Information Infrastructure Management Tools with Variable and Configurable Filters and Segmental Data Stores"

  • Technology Synopsis: This invention discloses a method for creating a data processing infrastructure using a plurality of filters to identify and separate sensitive content from a data stream into secure data stores. A key aspect is the ability to dynamically alter, expand, contract, or reclassify these filters, allowing the system to adapt to evolving data and security requirements. (Compl. ¶167, ¶182; ’073 Patent, Abstract).
  • Asserted Claims: Independent claim 1 is asserted (Compl. ¶166).
  • Accused Features: The accused systems allegedly infringe by using configurable "protection policies" to identify critical financial data and by providing a user interface that allows the enterprise to modify these policies, thereby altering the filtering and data handling rules (Compl. ¶183, ¶185).

U.S. Patent No. 10,250,639 - "Information Infrastructure Management Data Processing Tools for Processing Data Flow with Distribution Controls"

  • Technology Synopsis: This invention describes a method for "sanitizing" data by processing a data input to extract sensitive content based on predefined sensitivity levels and security clearances. The extracted sensitive data is stored in secure "extract stores," while the non-extracted "remainder data" is stored separately, creating a sanitized version of the data that can be used for analysis or reconstruction according to security rules. (Compl. ¶194, ¶215; ’639 Patent, Abstract).
  • Asserted Claims: Independent claim 16 is asserted (Compl. ¶193).
  • Accused Features: The accused systems allegedly perform the claimed sanitization by extracting critical account data for storage in a secure vault while leaving the remaining data in the production environment. The system then allegedly uses filters (content, contextual, taxonomic) to analyze, or "inference," the vaulted data (Compl. ¶212, ¶218).

III. The Accused Instrumentality

Product Identification

The Accused Instrumentalities are the data processing systems and methods used by Defendant First Foundation Bank that are compliant with the “Sheltered Harbor” industry standard for data backup and disaster recovery, or are functionally equivalent thereto (Compl. ¶96). The complaint identifies the Dell PowerProtect Cyber Recovery solution as an exemplary system that satisfies the Sheltered Harbor standard (Compl. ¶72).

Functionality and Market Context

  • The complaint alleges the accused systems create secure, segmented, and isolated backups of critical financial data to ensure operational continuity after a severe cyberattack (Compl. ¶70, ¶73). The core functionality involves extracting critical customer account data from production systems, converting it into a standardized format, and storing it in a secure, immutable, and "air-gapped" data vault (Compl. ¶71, ¶74, ¶77). A diagram provided in the complaint illustrates this architecture, showing data extraction from a "Production Environment" and secure replication to an isolated "Data Vault Environment" (Compl. ¶73).
  • The Sheltered Harbor standard is described as a critical, industry-wide initiative launched in 2015 to protect the stability of U.S. financial markets, with compliance recognized and encouraged by industry regulators (Compl. ¶63, ¶95).

IV. Analysis of Infringement Allegations

9,015,301 Patent Infringement Allegations

Claim Element (from Independent Claim 25) Alleged Infringing Functionality Complaint Citation Patent Citation
a method of organizing and processing data in a distributed computing system... said method comprising: providing, in said distributed computing system, a plurality of select content data stores operative with a plurality of designated categorical filters... Defendant’s system provides a “data vault” with multiple designated storage units that are operative with “protection policies” which act as categorical filters for identifying critical financial data. ¶105, ¶107 col. 3:35-42
activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content and associated select content... as aggregated select content; The system activates protection policies (filters) to extract critical financial account information (select content) from daily data inputs. This extracted data is aggregated. ¶109, ¶110 col. 3:56-62
storing said aggregated select content for said at least one categorical filter in said corresponding select content data store; The aggregated critical account data is stored in the secure data vault, which is the corresponding data store for the applied protection policy. ¶113, ¶114 col. 4:1-4
and for the activated categorical filter, associating at least one data process from the group of data processes including a copy process, a data extract process, a data archive process, a data distribution process and a data destruction process; The system associates data processes, such as backup (copying) and vaulting (archiving), with the select content identified by the activated protection policies. ¶116, ¶117 col. 4:5-12
applying the associated data process to a further data input based upon a result of said further data being processed by said activated categorical filter utilizing said aggregated select content data; Once a protection policy is established, it is automatically applied to all subsequent data inputs (e.g., nightly backups) to copy and vault the critical data in the same way. ¶119, ¶121 col. 4:13-19
wherein activating said designated categorical filter encompasses an automatic activation or a manual activation and said automatic activation is time-based, distributed computer system condition-based, or event-based. The system’s backup and vaulting processes are activated automatically on a time-based schedule (e.g., nightly) or upon the detection of new data (event-based). ¶122, ¶124 col. 14:38-47

Identified Points of Contention

  • Scope Questions: A central question may be whether the "protection policies" and rules used in Sheltered Harbor-compliant systems, which are configured by the financial institution, meet the legal definition of the patent's "designated categorical filters." The analysis may explore whether the accused policies function as the claimed content-based, contextual, or taxonomic filters.
  • Technical Questions: The claim requires "applying the associated data process to a further data input based upon a result of said further data being processed." The court may need to determine what evidence shows that the outcome of one data processing cycle (e.g., a nightly backup) informs or is utilized by the next cycle in the specific manner required by the claim.

9,734,169 Patent Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
providing in said distributed cloud-based computing system: (i) a plurality of select content data stores... (ii) a plurality of granular data stores; and (iii) a cloud-based server... The accused system is alleged to be cloud-based and comprises a secure data vault (select content stores) and production/backup systems (granular data stores), all managed by servers. A diagram shows "Backup Workloads" as granular stores. ¶133, ¶137, ¶140, ¶153 col. 3:41-49
extracting and storing said security designated data in respective select content data stores; The system extracts critical customer account data and stores it in the secure, air-gapped data vault. ¶144, ¶145 col. 3:51-53
activating at least one of said select content data stores in said cloud-based computing system thereby permitting access to said select content data stores and respective security designated data based upon an application of one or more of said access controls thereat; Access to the data vault is strictly controlled by security credentials and multi-factor authentication, which function as the claimed access controls. ¶149, ¶150 col. 3:54-58
parsing remainder data not extracted from data processed by said cloud-based system and storing the parsed data in respective granular data stores; Data not extracted as critical is left as "remainder data" in the production and backup systems, which are alleged to be the "granular data stores." A diagram shows these production-side stores. ¶152, ¶153, ¶154 col. 3:59-62
withdrawing some or all of said security designated data and said parsed data from said respective data stores only in the presence of said respective access controls applied thereto. Data can only be withdrawn from the vault for restoration upon satisfaction of strict access controls. ¶158, ¶159, ¶160 col. 4:1-4

Identified Points of Contention

  • Scope Questions: A primary dispute may arise over whether the standard production and backup systems where non-critical data resides can be properly characterized as the claimed "granular data stores." A defendant might argue that the patent contemplates a more specific type of storage for "remainder data" rather than simply the original production environment.
  • Technical Questions: The complaint alleges the accused system is "cloud-based" (Compl. ¶133). A key factual question will be what evidence demonstrates that Defendant's specific implementation uses a "cloud-based server" and architecture that meets the claim's requirements, as opposed to a purely on-premises solution.

V. Key Claim Terms for Construction

  • The Term: "plurality of designated categorical filters" (’301 Patent, Claim 25)

  • Context and Importance: This term is fundamental to the infringement allegation against the ’301 Patent. The Plaintiff’s theory equates the "protection policies" and rules of the Sheltered Harbor system with these "filters." The case may depend on whether this construction is adopted. Practitioners may focus on this term because the accused system’s policies define what data to protect, which is the core function of the claimed filters.

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: The specification states that designated filters can screen for policies such as "level of service policy, customer privacy policy, enterprise human resource privacy policy," suggesting the term covers high-level, enterprise-defined rules beyond simple keyword matching (’301 Patent, col. 4:15-22).
    • Evidence for a Narrower Interpretation: The detailed description provides specific examples of filters, including "content-based filters, contextual filters, and taxonomic classification filters" (’301 Patent, col. 13:34-37). A defendant could argue the term should be limited to these enumerated types of technical filters.

  • The Term: "granular data stores" (’169 Patent, Claim 1)

  • Context and Importance: The infringement theory for the ’169 Patent depends on classifying the defendant's production and backup systems—where non-critical data remains—as "granular data stores." If this term is construed more narrowly, the infringement argument may be weakened.

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: The patent's abstract distinguishes between "select content data stores" for "security designated data" and "granular data stores" for "remainder data," which may suggest a broad interpretation where any storage for non-selected data qualifies (’169 Patent, Abstract).
    • Evidence for a Narrower Interpretation: The specification discusses dispersing data into "smaller and more granular pieces" to different storage locations to reduce security risks, which suggests a more active process of breaking up and storing data rather than simply leaving it in its original production environment (’169 Patent, col. 15:35-40).

VI. Other Allegations

Indirect Infringement

The complaint focuses on allegations of direct infringement, asserting that Defendant "makes, owns, operates, uses, or otherwise exercises control over" the accused systems (Compl. ¶96). No separate counts for induced or contributory infringement are included.

Willful Infringement

The complaint alleges that Defendant has been on notice of the patents at least since the filing of the complaint. It further alleges that Defendant knew or should have known of the patents as of November 21, 2023, due to awareness of similar lawsuits against competitors. The complaint also alleges a policy or practice of "willfully blind[ing]" itself to the patent rights of others (Compl. ¶227-228).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of definitional scope: can the patent term "categorical filter," which is described in the patents with technical examples like taxonomic and contextual analysis, be construed broadly enough to read on the high-level "protection policies" configured by a financial institution in a modern data backup system?
  • A central factual dispute will likely be one of architectural mapping: does the accused practice of isolating critical data in a secure vault while leaving "remainder data" in the original production and backup environment constitute the specific claimed architecture of providing separate "select content data stores" and "granular data stores"?
  • The case may also turn on an evidentiary question concerning the Defendant’s specific infrastructure: what evidence will demonstrate that the accused systems are "cloud-based" as required by the ’169 patent and that their automated, policy-driven operations directly map to the multi-step processes recited in the asserted claims?