DCT
2:24-cv-00783
DigitalDoors Inc v. Independent Bank Group Inc
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: DigitalDoors, Inc. (Florida)
- Defendant: Independent Bank Group, Inc. d/b/a Independent Bank (Texas)
- Plaintiff’s Counsel: Garteiser Honea, PLLC
- Case Identification: 2:24-cv-00783, E.D. Tex., 09/25/2024
- Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas because Defendant maintains a regular and established business presence in the district, including physical branch locations and employees, and targets customers within the district.
- Core Dispute: Plaintiff alleges that Defendant’s data backup and disaster recovery systems, which are asserted to be compliant with the Sheltered Harbor financial industry standard, infringe four patents related to methods for securely filtering, extracting, storing, and managing sensitive data in distributed computer systems.
- Technical Context: The technology concerns granular data security and management, a critical area for financial institutions that must protect sensitive customer account information from cyberattacks while ensuring continuity of operations.
- Key Procedural History: The complaint asserts that the patents-in-suit are "pioneering" and have been cited as relevant prior art in hundreds of subsequent patent applications by major technology and financial companies. It also alleges Defendant was or should have been on notice of the patents due to infringement lawsuits filed by Plaintiff against competitor financial institutions.
Case Timeline
| Date | Event |
|---|---|
| 2007-01-05 | Earliest Priority Date for all four Patents-in-Suit |
| 2015-04-21 | U.S. Patent No. 9,015,301 Issues |
| 2015-01-01 | Sheltered Harbor initiative launched |
| 2017-08-15 | U.S. Patent No. 9,734,169 Issues |
| 2019-01-15 | U.S. Patent No. 10,182,073 Issues |
| 2019-04-02 | U.S. Patent No. 10,250,639 Issues |
| 2024-09-25 | Complaint Filing Date |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 9,015,301 - Information Infrastructure Management Tools with Extractor, Secure Storage, Analysis and Classification and Method Therefor
The Invention Explained
- Problem Addressed: At the time of invention, enterprises struggled to manage and secure sensitive information, particularly unstructured data, within increasingly open and vulnerable digital ecosystems (Compl. ¶28; ’301 Patent, col. 1:31-2:27). Existing systems lacked the ability to automatically categorize information, control access at a granular level, or manage the changing sensitivity of data over its lifecycle (Compl. ¶33; ’301 Patent, col. 2:28-61).
- The Patented Solution: The invention provides a method for organizing and processing data in a distributed system by using a plurality of "designated categorical filters" (e.g., content-based, contextual, taxonomic) to analyze a data input (’301 Patent, col. 3:33-41). These filters identify and obtain "select content" and "associated select content," which is then stored in corresponding data stores (’301 Patent, col. 4:1-8). The system then associates specific data processes—such as copying, extracting, or archiving—with the filtered data, allowing for automated and policy-driven data management (’301 Patent, col. 4:8-17).
- Technical Importance: The technology claims to shift data management from a file-based approach to a content-based one, enabling more granular control over sensitive information within a data stream (Compl. ¶28).
Key Claims at a Glance
- The complaint asserts infringement of at least independent Claim 25 (Compl. ¶99).
- The essential elements of Claim 25 include:
- A method of organizing and processing data in a distributed computing system having important "select content."
- Providing a plurality of select content data stores operative with a plurality of designated categorical filters.
- Activating at least one of the categorical filters and processing a data input through it to obtain select content and associated select content.
- Storing the aggregated select content in a corresponding data store.
- Associating at least one data process (from a group including copy, extract, archive, distribution, and destruction) with the activated filter.
- Applying the associated data process to a further data input based on the processing result.
- Activating the filter either automatically (e.g., time-based, condition-based) or manually.
- The complaint does not explicitly reserve the right to assert dependent claims for this patent.
U.S. Patent No. 9,734,169 - Digital Information Infrastructure and Method for Securing Designated Data and with Granular Data Stores
The Invention Explained
- Problem Addressed: The patent addresses the need for secure data storage in distributed, potentially cloud-based, systems where sensitive data must be protected from unauthorized access while allowing for controlled recovery and use (’169 Patent, col. 1:11-2:4).
- The Patented Solution: The invention describes a method for a distributed, cloud-based computing system that segregates data into different types of stores for security (’169 Patent, Abstract). The system provides (i) "select content data stores" for security-designated data, (ii) "granular data stores" for other data, and (iii) a cloud-based server (’169 Patent, col. 132:15-23). The method involves extracting the sensitive ("security designated") data and storing it in the secure select content stores, while "parsing" the non-extracted "remainder data" and storing it separately in the granular data stores (’169 Patent, col. 132:24-32). Access to withdraw the secured data is permitted only through the application of access controls (’169 Patent, col. 132:33-38).
- Technical Importance: This approach provides security through separation, isolating critical data in a protected environment while leaving less sensitive data in more accessible production or backup systems (Compl. ¶152).
Key Claims at a Glance
- The complaint asserts infringement of at least independent Claim 1 (Compl. ¶130).
- The essential elements of Claim 1 include:
- A method of organizing and processing data in a distributed cloud-based computing system.
- Providing a plurality of select content data stores, a plurality of granular data stores, and a cloud-based server, with each select content data store having access controls.
- Providing a communications network coupling the stores and the server.
- Extracting and storing security designated data in the select content data stores.
- Parsing remainder data not extracted and storing it in the granular data stores.
- Activating at least one select content data store to permit access based on applying one or more access controls.
- Withdrawing some or all of the security designated data and parsed data from their respective stores only when the access controls are applied.
- The complaint does not explicitly reserve the right to assert dependent claims for this patent.
U.S. Patent No. 10,182,073 - Information Infrastructure Management Tools with Variable and Configurable Filters and Segmental Data Stores
- Technology Synopsis: The ’073 Patent describes a method for creating a data processing infrastructure that uses a plurality of initially configured filters to identify sensitive and select content within a data stream (’073 Patent, col. 132:58-67). A key aspect of the invention is the ability to dynamically alter these filters by expanding, contracting, or reclassifying the definitions of sensitive and select content, and then using these modified filters to organize subsequent data throughput (’073 Patent, col. 133:28-42).
- Asserted Claims: At least Claim 1 (Compl. ¶166).
- Accused Features: The complaint alleges that the Accused Instrumentalities infringe by providing a user interface that allows the enterprise to define, run, monitor, and modify "protection policies," which allegedly function as the claimed configurable filters (Compl. ¶183, ¶185-186). A screenshot from a Dell instructional video is provided to show a user interface for selecting and modifying filter options for generating reports (Compl. ¶183, p. 94).
U.S. Patent No. 10,250,639 - Information Infrastructure Management Data Processing Tools for Data Flow with Distribution Controls
- Technology Synopsis: The ’639 Patent discloses a method for "sanitizing" data by processing it through a system with multiple sensitivity levels and corresponding security clearances (’639 Patent, col. 129:6-15). The method involves extracting sensitive content from a data input, storing it in a secure "extract store," and leaving the "remainder data." The system then uses content, contextual, and taxonomic filters to "inference" the sanitized data to obtain new insights or classifications (’639 Patent, col. 132:15-22).
- Asserted Claims: At least Claim 16 (Compl. ¶193).
- Accused Features: The infringement theory focuses on the Sheltered Harbor systems' alleged use of filters to extract sensitive financial data and its use of data analytics to analyze, or "inference," the vaulted data for purposes of security and recovery (Compl. ¶218, ¶221).
III. The Accused Instrumentality
Product Identification
- The data backup and disaster recovery systems and methods used by Defendant Independent Bank Group, which are alleged to be compliant with the "Sheltered Harbor" industry standard or are functionally equivalent ("Accused Instrumentalities") (Compl. ¶96).
Functionality and Market Context
- The complaint alleges the Accused Instrumentalities implement the Sheltered Harbor specification, which is an industry-wide initiative to protect critical customer financial data from catastrophic cyberattacks (Compl. ¶63). The core functionality involves extracting critical account data from production systems, converting it into a standard format, and storing it in an "ultra secure," immutable, and "air-gapped" data vault that is physically or logically isolated from the bank's primary networks (Compl. ¶70, ¶77). This allows the bank to restore essential customer services even if its primary production and backup systems are compromised (Compl. ¶71). The complaint includes a diagram illustrating the Dell PowerProtect Cyber Recovery architecture, an endorsed Sheltered Harbor solution, which shows a "Production Environment" and a separate "Data Vault Environment" connected by a secure, air-gapped replication link (Compl. ¶73, p. 32). This architecture is alleged to embody the patented technologies (Compl. ¶73).
IV. Analysis of Infringement Allegations
'9015,301 Patent Infringement Allegations
| Claim Element (from Independent Claim 25) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| providing, in said distributed computing system, a plurality of select content data stores operative with a plurality of designated categorical filters... | The Accused Instrumentalities provide a data vault with designated stores for select content, which is derived from the application of categorical filters established by the enterprise. | ¶105, ¶107 | col. 13:28-41 |
| activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content and associated select content... | The enterprise establishes and activates "protection policies" (the alleged categorical filters) to extract critical financial account information (the alleged select content) from the data stream. | ¶109-¶110 | col. 13:50-59 |
| storing said aggregated select content for said at least one categorical filter in said corresponding select content data store | The extracted critical account data is aggregated and stored in the secure data vault (the alleged corresponding data store). | ¶113-¶114 | col. 14:1-8 |
| associating at least one data process from the group of data processes including a copy process, a data extract process, a data archive process... | Compliant enterprises associate processes like data copying and archiving with the select content to move it to the secure vault in accordance with Sheltered Harbor requirements. | ¶116-¶117 | col. 14:8-17 |
| applying the associated data process to a further data input based upon a result of said further data being processed by said activated categorical filter... | Once a protection policy is established, all subsequent data inputs are processed in the same way, such as nightly backups that are copied to the data vault. | ¶119, ¶121 | col. 14:18-24 |
| ...said activating a designated categorical filter encompasses an automatic activation or a manual activation and said automatic activation is time-based, distributed computer system condition-based, or event-based. | Data processing occurs automatically at designated time intervals (e.g., nightly backups) or when new assets are detected (event-based). | ¶122, ¶124 | col. 14:40-52 |
- Identified Points of Contention:
- Scope Questions: A central question may be whether the "protection policies" used in modern data recovery systems like those compliant with Sheltered Harbor (Compl. ¶88) fall within the scope of the term "designated categorical filters" as described in the patent. The analysis may explore whether the accused policies perform the specific "content-based," "contextual," and "taxonomic" filtering functions detailed in the specification (’301 Patent, col. 13:34-36).
- Technical Questions: The complaint alleges that once a policy is established, "all further data inputs processed under the filter are processed in the same way" (Compl. ¶91, ¶117). A potential point of dispute is what evidence demonstrates that the accused system actually performs the claimed step of "applying the associated data process to a further data input based upon a result of said further data being processed" (emphasis added), which suggests a feedback mechanism that may or may not be present in a straightforward backup schedule.
'9734,169 Patent Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| providing in said distributed cloud-based computing system: (i) a plurality of select content data stores... (ii) a plurality of granular data stores; and (iii) a cloud-based server... | The accused system includes a secure data vault (select content stores) and production/backup systems (granular data stores), and is alleged to be optionally implemented on cloud platforms like AWS, Azure, or Google Cloud. | ¶133, ¶137-¶140 | col. 3:28-4:4 |
| providing a communications network operatively coupling said plurality of select content data stores and cloud-based server. | The accused system comprises a communications network that couples the production and data vault environments, including via a "logical, air-gapped, dedicated connection." The complaint includes an architectural diagram showing this coupling. | ¶142, ¶92 | col. 4:5-8 |
| extracting and storing said security designated data in respective select content data stores. | The system extracts critical customer account data (security designated data) and stores it in the secure data vault (select content data stores). | ¶144, ¶147 | col. 4:9-11 |
| parsing remainder data not extracted from data processed by said cloud-based system and storing the parsed data in respective granular data stores. | Data not extracted remains in the production and backup systems (granular data stores), which are separate from the vault. A system diagram is cited showing "Production Workloads" as distinct from the "Cyber Recovery Vault." | ¶152-¶154, ¶78, p. 35 | col. 4:12-15 |
| activating at least one of said select content data stores... thereby permitting access to said select content data stores... based upon an application of one or more of said access controls... | Access to the data vault is safeguarded by security measures, including strict, credential-controlled access and multi-factor authentication. | ¶149-¶150 | col. 4:16-23 |
| withdrawing some or all of said security designated data and said parsed data from said respective data stores only in the presence of said respective access controls applied thereto. | Data can be withdrawn from the vault for restoration only upon satisfaction of strict security measures and access controls. | ¶158-¶160 | col. 4:24-27 |
- Identified Points of Contention:
- Scope Questions: The term "cloud-based computing system" may be a key point of dispute. A defendant could argue that its on-premises, air-gapped data vault is the antithesis of a "cloud-based" system, raising the question of whether the claim language reads on the accused architecture. The complaint preemptively addresses this by noting that compliant solutions are designed for cloud deployment (Compl. ¶133).
- Technical Questions: The infringement theory equates leaving data in the production environment with the claim step of "parsing remainder data... and storing the parsed data." The court may need to determine if merely selecting certain data for extraction and leaving the rest in its original location constitutes an affirmative act of "parsing" and "storing" the remainder as required by the claim.
V. Key Claim Terms for Construction
The Term: "designated categorical filters" (’301 Patent, Claim 25)
Context and Importance: This term is the core mechanism of the asserted claim. The infringement case hinges on whether the "protection policies" (Compl. ¶88) and "dynamic filters" (Compl. ¶91) of the accused Sheltered Harbor systems are properly characterized as "categorical filters."
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The patent summary states the system includes "content-based filters, contextual filters and taxonomic classification filters, all operatively coupled over a communications network" (’301 Patent, col. 3:34-37). This list may be read as exemplary, not exhaustive, potentially supporting a construction that covers any rule-based filter for selecting data based on its category or content.
- Evidence for a Narrower Interpretation: The detailed description provides specific examples, such as using a "Knowledge Expander (KE) search engine" and "hierarchical taxonomic" systems to build filters (’301 Patent, col. 10:22-32). A defendant may argue that this detailed disclosure limits the term to more sophisticated, learning-based filters, rather than the potentially simpler, static rules of a backup policy.
The Term: "distributed cloud-based computing system" (’169 Patent, Claim 1)
Context and Importance: The applicability of this claim to the accused system depends on whether the system, which includes an isolated, often on-premises, data vault, can be considered "cloud-based."
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The patent does not appear to provide a specific, limiting definition of "cloud-based." The term is used in conjunction with "distributed," suggesting the key feature is networked, non-centralized components, which could arguably describe a system with a separate production site and vault, even if on-premises. The abstract refers to a "cloud-based server" and a "communications network," which does not explicitly require a public cloud infrastructure like AWS or Azure. (’169 Patent, Abstract).
- Evidence for a Narrower Interpretation: Practitioners may focus on the common understanding of "cloud-based" at the time of the invention, which often implies remote, third-party-hosted, and internet-accessible infrastructure. A defendant could argue that an "air-gapped" vault (Compl. ¶77) is fundamentally inconsistent with this meaning because its primary feature is isolation from networks, not availability through them.
VI. Other Allegations
- Willful Infringement: The complaint alleges that Defendant has been on notice of the patents since at least the date of service of the complaint (Compl. ¶227). It further alleges that Defendant was or should have been aware of the patents as early as November 21, 2023, due to Plaintiff’s infringement lawsuits against "competitor financial institutions" (Compl. ¶227). The complaint also alleges, on information and belief, that Defendant maintains a policy or practice of not reviewing the patents of others, constituting willful blindness (Compl. ¶228).
VII. Analyst’s Conclusion: Key Questions for the Case
- A core issue will be one of definitional scope: can patent-era terms like "categorical filters" and "cloud-based system," be construed to cover modern, industry-standard technologies like "protection policies" and "air-gapped data vaults" that were developed years after the patents' priority date?
- A key evidentiary question will be one of functional mapping: does the accused system's process of isolating critical data in a secure vault and leaving the rest in production systems constitute the specific, multi-step claim elements of "extracting" select data, and affirmatively "parsing" and "storing" the remainder data?
- The case may also present a question of temporal interpretation: how will the court reconcile Plaintiff's argument that the later development of the Sheltered Harbor standard is evidence of the patents' non-obviousness with the potential defense argument that this same timeline demonstrates the inventors could not have conceived of the specific accused architecture, suggesting a mismatch in claim scope?