DCT

2:24-cv-00785

DigitalDoors Inc v. Trumark Financial Credit Union

Log In
Key Events
Complaint
complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: DigitalDoors Inc v. [TruMark Financial Credit Union](https://ai-lab.exparte.com/party/trumark-financial-credit-union), 2:24-cv-00785, E.D. Tex., 09/25/2024
  • Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas because Defendant maintains a regular and established business presence in the district, including through "shared locations," and specifically targets customers within the district.
  • Core Dispute: Plaintiff alleges that Defendant’s data backup and disaster recovery systems, which are compliant with or equivalent to the "Sheltered Harbor" financial industry standard, infringe four patents related to methods for securely filtering, processing, and storing sensitive data in distributed computer systems.
  • Technical Context: The technology concerns secure data management architectures designed to ensure operational continuity for enterprises by isolating and protecting critical data from catastrophic events like cyberattacks.
  • Key Procedural History: The complaint asserts that the patents-in-suit are pioneering and have been cited as relevant prior art in hundreds of subsequent patent applications by major technology and financial services companies. No prior litigation or post-grant proceedings involving the patents are mentioned.

Case Timeline

Date Event
2007-01-05 Earliest Priority Date for all four Patents-in-Suit
2015-01-01 Sheltered Harbor industry initiative launched
2015-04-21 U.S. Patent No. 9,015,301 Issued
2017-08-15 U.S. Patent No. 9,734,169 Issued
2019-01-15 U.S. Patent No. 10,182,073 Issued
2019-04-02 U.S. Patent No. 10,250,639 Issued
2024-09-25 Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 9,015,301 - "Information Infrastructure Management Tools With Extractor, Secure Storage, Content Analysis And Classification And Method Therefor," issued April 21, 2015 (’301 Patent)

The Invention Explained

  • Problem Addressed: The patent describes conventional enterprise systems as "open ecosystems" that are vulnerable to attack, with inadequate tools for managing unstructured content, classifying sensitive data, or addressing the changing value of information over its lifecycle (’301 Patent, col. 1:60-2:61).
  • The Patented Solution: The invention proposes a method of organizing and processing data by using a plurality of "designated categorical filters" (e.g., content-based, contextual, taxonomic) to identify and extract "select content" from a data stream. This extracted content is stored in corresponding secure data stores, and specific data processes (such as copying, archiving, or destruction) are associated with the filters and can be applied automatically to subsequent data. (’301 Patent, Abstract; col. 3:17-4:35). The system architecture shifts data management from the file level to the more granular content level.
  • Technical Importance: The claimed approach provided a more automated and granular method for securing sensitive data within large, distributed information systems, moving beyond conventional file-level security protocols (Compl. ¶28, ¶36).

Key Claims at a Glance

  • The complaint asserts independent claim 25 (’301 Patent, col. 131:24-132:20; Compl. ¶97).
  • Claim 25 recites a method of organizing and processing data, comprising the key steps of:
    • Providing a plurality of select content data stores operative with a plurality of designated categorical filters.
    • Activating at least one filter and processing a data input through it to obtain select content.
    • Storing the resulting aggregated select content in a corresponding data store.
    • Associating a data process (e.g., copy, extract, archive, distribution, destruction) with the activated filter.
    • Applying that associated data process to a further data input processed by the filter.
    • Wherein activating the filter includes an automatic activation that is time-based, condition-based, or event-based.

U.S. Patent No. 9,734,169 - "Digital Information Infrastructure and Method for Securing Designated Data and With Granular Data Stores," issued August 15, 2017 (’169 Patent)

The Invention Explained

  • Problem Addressed: The patent addresses the need to securely store critical data in a distributed or cloud-based environment to ensure it can be recovered after a system failure or attack, while maintaining strict access controls (’169 Patent, col. 1:45-56).
  • The Patented Solution: The invention claims a method for a distributed, cloud-based computing system that extracts security-designated "select content" and stores it in secure, access-controlled data stores. "Remainder data" that is not extracted is parsed and stored separately in "granular data stores." A cloud-based server manages the communications network and enforces access controls, permitting withdrawal of the secured data only upon proper authorization. (’169 Patent, Abstract; col. 4:26-44).
  • Technical Importance: This architecture provides a framework for physically or logically isolating an enterprise's most critical data in a secure vault, enhancing data survivability and resilience against widespread system compromise (Compl. ¶¶129, 131).

Key Claims at a Glance

  • The complaint asserts independent claim 1 (’169 Patent, col. 132:11-53; Compl. ¶128).
  • Claim 1 recites a method of organizing and processing data in a distributed cloud-based system, comprising the key steps of:
    • Providing select content data stores, granular data stores, and a cloud-based server, all coupled via a communications network.
    • Extracting and storing security-designated data in the select content data stores.
    • Activating a select content data store to permit access based on access controls.
    • Parsing remainder data not extracted and storing it in the granular data stores, where the parsing includes both random and predetermined algorithmic methods.
    • Withdrawing the security-designated data and parsed remainder data from their respective stores only when the access controls are applied.

U.S. Patent No. 10,182,073 - "Information Infrastructure Management Tools With Variable and Configurable Filters and Segmental Data Stores," issued January 15, 2019 (’073 Patent)

Technology Synopsis

This patent addresses the need for dynamic data filtering in secure systems. It describes an information infrastructure that uses initially configured filters to identify sensitive content, and then allows for the subsequent alteration of these filters—such as expanding or contracting their scope or changing their classification—to dynamically manage data processing over time. (’073 Patent, Abstract; Compl. ¶180).

Asserted Claims

Independent claim 1 is asserted (Compl. ¶164).

Accused Features

The accused systems' use of configurable "protection policies" that allow an enterprise to define, run, monitor, and modify the rules for data replication and vaulting (Compl. ¶¶181, 184).

U.S. Patent No. 10,250,639 - "Information Infrastructure Management Data Processing Tools for Processing Data Flow With Distribution Controls," issued April 2, 2019 (’639 Patent)

Technology Synopsis

This patent focuses on methods for "sanitizing" data by separating sensitive content from non-sensitive content according to different security levels and clearance requirements. The method involves extracting sensitive data into secure stores, leaving non-extracted "remainder data," and then using various filters (content, contextual, taxonomic) to "inference" the data and obtain a sanitized result for secure processing. (’639 Patent, Abstract; Compl. ¶¶192, 216).

Asserted Claims

Independent claim 16 is asserted (Compl. ¶191).

Accused Features

The accused systems' process of extracting critical financial account data (sensitive content) for storage in a secure vault, thereby creating a "sanitized" version of the data, and using filters and priority rules to identify and protect this sensitive content (Compl. ¶¶213, 216).

III. The Accused Instrumentality

Product Identification

The "Accused Instrumentalities" are identified as the data backup and disaster recovery systems and methods that Defendant TruMark Financial Credit Union makes, owns, operates, or uses, which are alleged to be compliant with or functionally equivalent to the "Sheltered Harbor" financial industry specification (Compl. ¶94).

Functionality and Market Context

The complaint alleges that the accused systems perform automated, typically nightly, backups of critical customer account information to protect against catastrophic data loss from events like cyberattacks (Compl. ¶71, ¶74). The process involves extracting critical data, converting it to a standard format, encrypting it, and transmitting it to a secure, immutable, and isolated "data vault" that is "air-gapped" from production networks (Compl. ¶¶68, 75). The complaint characterizes Sheltered Harbor not as an optional product but as an "industry standard" and a "critical next step" for financial institutions, driven by industry consensus and regulatory requirements to ensure financial market stability (Compl. ¶¶61, 93). A diagram from Dell's "PowerProtect Cyber Recovery" solution, an exemplary Sheltered Harbor-compliant system, illustrates the data flow from a "Production Environment" to an air-gapped "Data Vault Environment" (Compl. p. 31, ¶71).

IV. Analysis of Infringement Allegations

’301 Patent Infringement Allegations

Claim Element (from Independent Claim 25) Alleged Infringing Functionality Complaint Citation Patent Citation
providing, in said distributed computing system, a plurality of select content data stores operative with a plurality of designated categorical filters which stores are operatively coupled over a communications network The accused systems allegedly provide a "data vault" comprising multiple data stores (e.g., Backup, Copy, Lock, Analyze) that operate with "protection policies," which are alleged to be the claimed "categorical filters" (Compl. ¶¶103, 105). A diagram in the complaint illustrates these multiple data stores within a "Cyber Recovery Vault" (Compl. p. 52, ¶104). ¶103, ¶105, ¶106 col. 13:25-40
activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content and associated select content... as aggregated select content The enterprise allegedly activates "protection policies" (the claimed filters) to extract critical financial account information (the claimed select content) for protective vaulting (Compl. ¶108). This extracted data is allegedly contextually or taxonomically associated using aggregated tags (Compl. ¶107, ¶109). ¶107-109 col. 13:41-51
storing said aggregated select content for said at least one categorical filter in said corresponding select content data store The accused systems allegedly store the extracted critical account data (aggregated select content) in the secure "data vault," which is the corresponding data store (Compl. ¶111-112). ¶111, ¶113 col. 13:52-55
for the activated categorical filter, associating at least one data process from the group of data processes including a copy process, a data extract process, a data archive process, a data distribution process and a data destruction process The accused systems allegedly associate data processes such as copying, archiving, and extracting with specific data types based on the policies established by the enterprise (Compl. ¶114-115). ¶114, ¶116 col. 13:56-62
applying the associated data process to a further data input based upon a result of said further data being processed by said activated categorical filter utilizing said aggregated select content data Once a protection policy is established, the accused systems allegedly apply the associated process (e.g., backup to the vault) to all subsequent data inputs that meet the filter criteria (Compl. ¶117-118). ¶117, ¶119 col. 13:63-14:3
activating a designated categorical filter, which encompasses an automatic activation or a manual activation and said automatic activation is time-based, distributed computer system condition-based, or event-based Filter activation is allegedly performed automatically on a time-based schedule (e.g., "nightly"), upon a condition (e.g., "when new assets are detected"), or manually ("on demand") (Compl. ¶120, ¶122). ¶120, ¶122 col. 14:4-9

’169 Patent Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
A method of organizing and processing data in a distributed cloud-based computing system... said system having select content represented by one or more predetermined words, characters, images, data elements or data objects The accused systems are allegedly cloud-based or deployable in the cloud and process critical financial account data, which is represented by predetermined data elements (Compl. ¶129, ¶131, ¶133). ¶129, ¶134 col. 1:16-24
providing in said distributed cloud-based computing system: (i) a plurality of select content data stores for respective ones of a plurality of security designated data; and (ii) a plurality of granular data stores; and (iii) a cloud-based server, each select content data store having respective access controls thereat The accused systems allegedly provide a "data vault" (the select content data stores), production/backup systems (the granular data stores), and can be implemented on cloud platforms like AWS or Azure (the cloud-based server) (Compl. ¶131, ¶136, ¶138). The vault has strict access controls (Compl. ¶137). A diagram illustrates the production side ("Backup Workloads") as distinct from the secure vault (Compl. p. 70, ¶138). ¶135, ¶139 col. 3:32-41
providing a communications network operatively coupling said plurality of select content data stores and cloud-based server The accused systems allegedly comprise an operatively coupled communications network that connects the production environment to the vaulting environment through dedicated, air-gapped interfaces (Compl. ¶140-141). ¶140, ¶141 col. 4:38-44
(with respect to data processed by said cloud-based system) extracting and storing said security designated data in respective select content data stores The accused systems allegedly extract critical financial account data (security designated data) and store it in the secure data vault (select content data stores) using protection policies and aggregated tags (Compl. ¶142-143). ¶142, ¶146 col. 4:26-31
activating at least one of said select content data stores... thereby permitting access to said select content data stores and respective security designated data based upon an application of one or more of said access controls thereat Access to the data vault is allegedly safeguarded by strict, credential-controlled access, including multi-factor authentication, which must be applied to permit access (Compl. ¶147-148). ¶147, ¶149 col. 4:32-37
parsing remainder data not extracted from data processed by said cloud-based system and storing the parsed data in respective granular data stores Data not extracted for the vault (remainder data) is allegedly stored in production and backup systems (granular data stores) (Compl. ¶150-151). A diagram highlights these "Production Workloads" and "Backup Workloads" as the source of data for the vault, and thus the location of the remainder data (Compl. p. 77, ¶151). ¶150, ¶152 col. 4:26-31
(with respect to the aforementioned parsing and storing of remainder data) including both (i) randomly parsing and storing said remainder data, and (ii) parsing and storing said remainder data according to a predetermined algorithm based upon said security designated data and said select content data stores The complaint alleges that traffic to and from the data vault, as well as data in the production environment, is encrypted, which satisfies the "randomly parsing" limitation. The use of predetermined protection policies satisfies the "predetermined algorithm" limitation. (Compl. ¶153-154). ¶153, ¶155 col. 4:26-31
withdrawing some or all of said security designated data and said parsed data from said respective data stores only in the presence of said respective access controls applied thereto The very purpose of the accused system is allegedly to allow for the emergency restoration (withdrawal) of critical data from the vault, a process governed by strict access controls to ensure a secure restoration (Compl. ¶156-157). ¶156, ¶158 col. 4:45-51

Identified Points of Contention

  • Scope Questions: A central issue may be whether the term "cloud-based computing system" in the ’169 Patent requires the system to be hosted exclusively by a third-party cloud provider, or if it can read on on-premises systems that are merely "cloud-deployable," as the complaint alleges for the accused systems (Compl. ¶131). Similarly, the court may need to decide if the patent term "categorical filters" can be construed to cover the "protection policies" used in the Sheltered Harbor protocol, which was developed years after the patent's priority date.
  • Technical Questions: A key technical question will be whether leaving non-extracted data in its original production or backup system constitutes the affirmative step of "parsing remainder data... and storing the parsed data" as required by Claim 1 of the ’169 Patent. The analysis may turn on whether "parsing" requires an active analysis and decomposition of data, or merely a separation.

V. Key Claim Terms for Construction

  • The Term: "categorical filters" (’301 Patent, Claim 25)

    • Context and Importance: This term is the core mechanism of the claimed invention. The infringement case appears to depend on equating this term with the "protection policies" used in the accused Sheltered Harbor systems (Compl. ¶105). Practitioners may focus on this term because its scope will determine whether the patent reads on a widely adopted industry standard or is limited to the specific implementations described in the patent.
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: The patent summary states the system has a plurality of filters which "include content-based filters, contextual filters and taxonomic classification filters" (’301 Patent, col. 4:5-8), suggesting these are illustrative examples rather than an exhaustive list.
      • Evidence for a Narrower Interpretation: The detailed description provides specific and complex implementations, linking the filters to a "knowledge expander (KE) search engine" and a "hierarchical taxonomic system" for building contextual and taxonomic filters (’301 Patent, col. 10:22-32). This could support an argument that a "categorical filter" is not just any rule but one tied to these advanced classification engines.

  • The Term: "parsing remainder data... and storing the parsed data" (’169 Patent, Claim 1)

    • Context and Importance: The complaint's infringement theory alleges this element is met by the accused system leaving non-extracted data in its original production and backup locations (Compl. ¶150-151). The viability of this theory depends entirely on the construction of "parsing" and "storing."
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: The patent abstract describes the system as having data stores for "security designated data" and separate stores for "granular data." This high-level description focuses on the result (separation of data) rather than a specific mechanism, which could support a broader reading where "parsing" simply means separating. (’169 Patent, Abstract).
      • Evidence for a Narrower Interpretation: The patent elsewhere describes actively "splitting a document or data stream into granular parts for subsequent processing" and using an "Information Dispersal Algorithm," which "slices the data into different data streams" (’169 Patent, col. 17:1-8). This language suggests an active process of decomposition and dispersal, not merely leaving data in place.

VI. Other Allegations

  • Willful Infringement: The complaint alleges that Defendant has had actual notice of the patents-in-suit since at least the date of service of the complaint (Compl. ¶225). It alternatively alleges notice as of November 21, 2023, based on "awareness of the patent infringement lawsuits filed by DigitalDoors against competitor financial institutions" (Compl. ¶225). The complaint further alleges that Defendant is "willfully blind" to Plaintiff's patent rights due to a policy or practice of not reviewing the patents of others (Compl. ¶226).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of definitional scope: can the patent term "categorical filters," which is described in the specification with specific technical implementations like a "knowledge expander," be construed broadly enough to cover the more general "protection policies" used in the accused industry-standard Sheltered Harbor protocol?
  • A key question of operative action will be whether leaving non-critical data in its original production and backup systems constitutes the affirmative step of "parsing remainder data... and storing the parsed data" as required by Claim 1 of the ’169 Patent, or if the claim requires a more active decomposition and storage process not present in the accused systems.
  • The case may also present an evidentiary question concerning non-obviousness: how will the court weigh the fact that the accused "Sheltered Harbor" standard was developed by an industry consortium years after the patents' priority date—a fact Plaintiff presents as evidence of the inventions' unconventional nature, but which Defendant may frame as independent development of a different, non-infringing solution?