DCT
2:24-cv-00786
DigitalDoors Inc v. Vertex Holdings Inc
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: DigitalDoors, Inc. (Florida)
- Defendant: Veritex Holdings, Inc. (Texas)
- Plaintiff’s Counsel: Garteiser Honea, PLLC
- Case Identification: 2:24-cv-786, E.D. Tex., 09/25/2024
- Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas because Defendant maintains a regular and established business presence in the district, operates physical branch locations, and targets customers within the district.
- Core Dispute: Plaintiff alleges that Defendant’s data backup and disaster recovery systems, particularly those compliant with the financial industry's "Sheltered Harbor" standard, infringe four patents related to methods for securely filtering, extracting, and storing sensitive data in distributed computing environments.
- Technical Context: The technology concerns secure data management architectures designed to ensure the survivability and recovery of critical data, a key operational and regulatory concern for financial institutions facing sophisticated cybersecurity threats.
- Key Procedural History: The complaint alleges that Defendant was on notice of the patents-in-suit as of at least November 21, 2023, due to awareness of lawsuits filed by the Plaintiff against competitor financial institutions. The patents are described as "pioneering" and have been cited as prior art in numerous subsequent patent applications by major technology and financial services companies.
Case Timeline
| Date | Event |
|---|---|
| 2007-01-05 | Priority Date for ’301, ’169, ’073, and ’639 Patents |
| 2015-04-21 | U.S. Patent No. 9,015,301 Issues |
| 2015-01-01 | Sheltered Harbor initiative launched (approximate date) |
| 2017-08-15 | U.S. Patent No. 9,734,169 Issues |
| 2019-01-15 | U.S. Patent No. 10,182,073 Issues |
| 2019-04-02 | U.S. Patent No. 10,250,639 Issues |
| 2023-11-21 | Alleged Alternative Notice Date for Willfulness |
| 2024-09-25 | Complaint Filing Date |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 9,015,301 - “Information Infrastructure Management Tools with Extractor, Secure Storage, Analysis and Classification and Method Therefor,” issued April 21, 2015 (’301 Patent)
The Invention Explained
- Problem Addressed: The patent’s background section describes the difficulty of managing and securing sensitive information, particularly unstructured data, within enterprise computer systems that are often part of vulnerable "open ecosystems" with many access points (Compl. ¶¶27, 31; ’301 Patent, col. 1:60-2:27). Conventional approaches were file-based and lacked the ability to automatically categorize content to implement granular security and handling policies (Compl. ¶27; ’301 Patent, col. 1:31-38).
- The Patented Solution: The invention proposes a method of shifting data management from the file level to the content level by using a system of configurable filters to process a data stream (’301 Patent, col. 9:46-58). The system uses "categorical filters" (which can be content-based, contextual, or taxonomic) to identify and extract "select content" deemed important to the enterprise. This extracted, aggregated content is then stored in corresponding secure data stores, and specific data processes (e.g., copy, archive, destroy) are associated with the filtered data to manage its lifecycle (’301 Patent, Abstract; col. 3:17-4:35).
- Technical Importance: This approach provides a more granular and secure method for data management by separating sensitive content from the main data stream and storing it in distributed, specialized locations, thereby increasing security and data survivability (Compl. ¶¶36-37; ’301 Patent, col. 16:39-47).
Key Claims at a Glance
- The complaint asserts independent claim 25 (’301 Patent, col. 131:26-132:23; Compl. ¶98).
- The essential elements of claim 25 include:
- Providing a plurality of select content data stores operative with a plurality of designated categorical filters.
- Activating at least one filter to process a data input and obtain aggregated "select content."
- Storing the aggregated select content in a corresponding data store.
- Associating a data process (e.g., copy, extract, archive) with the activated filter.
- Applying that associated data process to a subsequent data input processed by the filter.
- Wherein the filter activation is automatic (time-based, condition-based, or event-based) or manual.
U.S. Patent No. 9,734,169 - “Digital Information Infrastructure and Method for Securing Designated Data and With Granular Data Stores,” issued August 15, 2017 (’169 Patent)
The Invention Explained
- Problem Addressed: The invention addresses the need for secure, access-controlled storage of sensitive data within a distributed or cloud-based computing environment. The central problem is how to effectively segregate and protect highly sensitive data while maintaining the utility of the remaining, less-sensitive data (’169 Patent, Abstract).
- The Patented Solution: The patent describes a method where a distributed system provides separate storage locations for different types of data: "a plurality of select content data stores" for security-designated data and "a plurality of granular data stores" for the remaining data (’169 Patent, col. 4:27-31). A cloud-based server manages access to the secure "select content" stores. The method involves extracting the sensitive data for storage in the secure stores, parsing the "remainder data" for storage in the granular stores, and permitting withdrawal of any data only upon application of strict access controls (’169 Patent, Abstract).
- Technical Importance: This architecture enhances data security by creating distinct, specialized storage environments for sensitive versus non-sensitive data, thereby isolating critical information and restricting access through a centralized control mechanism (Compl. ¶¶136, 151).
Key Claims at a Glance
- The complaint asserts independent claim 1 (’169 Patent, col. 131:13-132:5; Compl. ¶129).
- The essential elements of claim 1 include:
- Providing select content data stores, granular data stores, and a cloud-based server with access controls for the select content stores.
- Providing a communications network coupling the stores and server.
- Extracting and storing security-designated data in the select content data stores.
- Activating a select content data store to permit access based on applied access controls.
- Parsing remainder data not extracted and storing it in the granular data stores.
- Withdrawing data from any store only in the presence of applied access controls.
Multi-Patent Capsule: U.S. Patent No. 10,182,073 (’073 Patent)
- Patent Identification: U.S. Patent No. 10,182,073, “Information Infrastructure Management Tools with Variable and Configurable Filters and Segmental Data Stores,” issued January 15, 2019.
- Technology Synopsis: This patent describes a system for creating a secure information infrastructure where data is processed through a plurality of filters. The invention's focus is on the dynamic nature of these filters, which can be altered by expanding or contracting the definitions of sensitive and select content, or by imposing or removing classifications. This allows an enterprise to modify its data filtering rules over time to adapt to changing needs or threats (’073 Patent, Abstract).
- Asserted Claims: Independent claim 1 is asserted (Compl. ¶165).
- Accused Features: The complaint alleges infringement by systems that allow an enterprise to define, run, monitor, and, critically, modify existing data protection policies, which in turn generates modified filters that organize further data throughput (Compl. ¶¶182, 184-185).
Multi-Patent Capsule: U.S. Patent No. 10,250,639 (’639 Patent)
- Patent Identification: U.S. Patent No. 10,250,639, “Information Infrastructure Management Data Processing Tools for Processing Data Flow with Distribution Controls,” issued April 2, 2019.
- Technology Synopsis: This patent details a method for "sanitizing" data in a distributed system by processing it according to sensitivity levels and security clearances. The system extracts sensitive content into secure "extract data stores" and other "select content" into separate stores, leaving non-extracted "remainder data." A key aspect is the use of content, contextual, and taxonomic filters to "inference" the sanitized data to obtain further insights or apply additional processing (’639 Patent, Abstract).
- Asserted Claims: Independent claim 16 is asserted (Compl. ¶192).
- Accused Features: The complaint accuses systems that extract sensitive content (critical account data) into a secure vault while storing remainder data elsewhere (the production environment), thereby creating a "sanitized" version of the data in the vault, and which use various filters to perform this extraction and subsequent analysis (Compl. ¶¶214, 217).
III. The Accused Instrumentality
Product Identification
The complaint identifies the "Accused Instrumentalities" as the systems and methods used by Veritex for data processing, backup, and disaster recovery that are compliant with the "Sheltered Harbor" industry standard, or which provide functionally equivalent data protection (Compl. ¶95). The complaint points to systems such as Dell PowerProtect Cyber Recovery as exemplary technologies that embody the Sheltered Harbor specifications (Compl. ¶71).
Functionality and Market Context
The accused systems are designed to protect critical customer financial data from catastrophic events like cyberattacks, ensuring the stability of the financial institution and the broader market (Compl. ¶62). Their core technical function involves a daily process of extracting critical account data from a financial institution's "Production Environment," converting it into a standardized format, and transmitting it across a secure, "air-gapped" connection to an isolated, immutable "Data Vault Environment" for secure storage (Compl. ¶¶72, 76, 81). A diagram from a Dell white paper illustrates this architecture, showing the distinct "Production Environment" and the isolated "Data Vault Environment" connected by an "Air-gap" (Compl. p. 32). In the event of a disaster, this vaulted data can be used on a "Restoration Platform" to recover customer accounts and funds (Compl. ¶¶70, 89).
IV. Analysis of Infringement Allegations
U.S. Patent No. 9,015,301 Infringement Allegations
| Claim Element (from Independent Claim 25) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| providing, in said distributed computing system, a plurality of select content data stores operative with a plurality of designated categorical filters... | The Accused Instrumentalities provide a secure "data vault" containing multiple data stores (e.g., for backup, copy, analysis) that operate with "protection policies" which function as categorical filters. | ¶104, ¶105, ¶106 | col. 3:28-40 |
| activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content and associated select content...as aggregated select content; | The systems activate these protection policies to extract critical financial account information from the production data stream, which is aggregated for vaulting. | ¶108, ¶109 | col. 14:15-21 |
| storing said aggregated select content for said at least one categorical filter in said corresponding select content data store; | The aggregated critical account data is stored each night in the corresponding storage units within the secure data vault. | ¶112, ¶113 | col. 14:22-26 |
| and for the activated categorical filter, associating at least one data process from the group of data processes including a copy process, a data extract process, a data archive process... | The systems associate processes like copying, extracting, and archiving with the selected data to move it into the vault in accordance with the Sheltered Harbor standard. | ¶115, ¶116 | col. 4:4-8 |
| applying the associated data process to a further data input... | Once a protection policy is established, subsequent backups and data inputs are automatically processed in the same way, going to the same designated storage unit in the vault. | ¶118, ¶119 | col. 14:32-38 |
| wherein activating said designated categorical filter encompasses an automatic activation...and said automatic activation is time-based, distributed computer system condition-based, or event-based. | The data vaulting process is automated and occurs on a time-based schedule (e.g., nightly), upon a condition (detection of new assets), or event-based trigger. | ¶121, ¶122, ¶123 | col. 14:45-51 |
Identified Points of Contention
- Scope Questions: A central question may be whether the "protection policies" used in Sheltered Harbor-compliant systems, which can be based on criteria like "VM Folder Name," constitute "designated categorical filters" as understood in the patent, which also describes more complex taxonomic and contextual filtering systems (Compl. ¶87).
- Technical Questions: The defense may question whether the routine creation of a daily backup in a secure vault is equivalent to the patent's more active process of "activating...filters," "associating...a data process," and "applying" that process to subsequent data, or if the accused functionality is a more passive, conventional data handling technique.
U.S. Patent No. 9,734,169 Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| providing in said distributed cloud-based computing system: (i) a plurality of select content data stores...; and (ii) a plurality of granular data stores; and (iii) a cloud-based server... | The accused systems are allegedly cloud-based and provide a secure "data vault" (select content stores) and production/backup systems (granular data stores), managed by servers. | ¶132, ¶136, ¶137, ¶139 | col. 3:17-27 |
| providing a communications network operatively coupling said plurality of select content data stores and cloud-based server; | The systems include a network that couples the production and vault environments, often via a logical, dedicated "air-gapped" connection. A diagram in the complaint illustrates this network architecture. | ¶141, ¶142; Compl. p. 72 | col. 3:25-27 |
| extracting and storing said security designated data in respective select content data stores; | The systems extract critical customer account data (security designated data) and store it in the isolated, secure data vault. | ¶143, ¶144 | col. 4:32-34 |
| activating at least one of said select content data stores...thereby permitting access to said select content data stores...based upon an application of one or more of said access controls thereat; | Access to the data vault is strictly controlled by security measures like multi-factor authentication, which must be satisfied to activate the store and access the data. | ¶148, ¶149 | col. 4:35-39 |
| parsing remainder data not extracted...and storing the parsed data in respective granular data stores; | Data that is not extracted for the vault ("remainder data") is left in and backed up with the production systems ("granular data stores"). | ¶151, ¶152 | col. 4:40-42 |
| withdrawing some or all of said security designated data and said parsed data from said respective data stores only in the presence of said respective access controls applied thereto. | For disaster recovery, data is withdrawn from the vault and production systems for use on a restoration platform, a process governed by strict access controls. | ¶157, ¶158 | col. 4:43-46 |
Identified Points of Contention
- Scope Questions: The term "parsing remainder data" may be a key point of dispute. The parties may contest whether merely leaving non-extracted data in its original production environment and performing standard backups constitutes "parsing" and "storing" that data as a distinct step, as required by the claim.
- Technical Questions: It may be argued whether a standard production environment plus a separate disaster recovery vault technically meets the claim's structure of "a plurality of select content data stores" and a separate "plurality of granular data stores," or if this is simply a characterization of a conventional backup architecture.
V. Key Claim Terms for Construction
Term ('301 Patent): "designated categorical filters"
- Context and Importance: This term is foundational to the infringement theory for the ’301 Patent. Plaintiff’s case appears to depend on construing this term to read on the "protection policies" and rule-based systems used in Sheltered Harbor-compliant architectures to identify critical data for vaulting (Compl. ¶¶106, 109). The outcome of the case may hinge on whether these accused features fall within the scope of this claim term.
- Intrinsic Evidence for a Broader Interpretation: The specification describes these filters as being used to screen data for an enterprise based on a wide range of policies, including "service policy, customer privacy policy, supplier privacy policy, enterprise human resource privacy policy," among others (’301 Patent, col. 4:15-20). This suggests the term could encompass any rule-based system for selecting data.
- Intrinsic Evidence for a Narrower Interpretation: The patent repeatedly discusses specific types of advanced filters, such as "content-based filters, contextual filters and taxonomic classification filters" (’301 Patent, col. 13:34-36) and describes building them with tools like a "Knowledge Expander" engine (’301 Patent, col. 10:22-26). This may support an argument that the term is limited to filters with semantic or contextual awareness, not just simple criteria like a file location or name.
Term ('169 Patent): "parsing remainder data"
- Context and Importance: This step is a required element of Claim 1 of the ’169 Patent. The complaint alleges this element is met by storing non-extracted data in production and backup systems (Compl. ¶151). Practitioners may focus on this term because if "parsing" requires more than simply leaving data untouched, the infringement argument could be challenged.
- Intrinsic Evidence for a Broader Interpretation: The patent does not provide an explicit definition of "parsing." An argument for a broad interpretation may rely on the plain meaning, where the act of separating the data stream into "extracted" and "remainder" portions could itself be considered a form of parsing the whole into its components.
- Intrinsic Evidence for a Narrower Interpretation: The specification describes an "information dispersal algorithm" that breaks data into "granular pieces" for security (’169 Patent, col. 15:52-16:12). An argument for a narrower construction might be that "parsing" requires a similar active process of breaking the remainder data down, rather than simply leaving it in its original, un-processed format.
VI. Other Allegations
Willful Infringement
The complaint alleges that Defendant's infringement has been and continues to be willful, particularly after receiving notice of the patents (Compl. ¶¶125, 161, 188, 223). The basis for knowledge is alleged to be either service of the complaint or, alternatively, Defendant's awareness of prior lawsuits filed against its competitors since at least November 21, 2023 (Compl. ¶226). Plaintiff further alleges willful blindness, asserting that Defendant maintains a policy or practice of not reviewing the patents of others (Compl. ¶227).
VII. Analyst’s Conclusion: Key Questions for the Case
- A core issue will be one of definitional scope: can the patented concepts of "designated categorical filters" and "parsing remainder data" be construed broadly enough to read on the industry-standard data protection practices alleged, such as using "protection policies" to identify critical data for a secure backup vault while leaving other data in the production environment?
- A central evidentiary question will be one of functional distinction: does the accused Sheltered Harbor-compliant architecture perform a fundamentally different technical operation—namely, robust disaster recovery via isolated backups—than the granular, content-level data management and filtering systems described and claimed in the patents-in-suit? The case will likely turn on whether the accused systems are merely an implementation of the patented methods or represent a parallel, non-infringing solution to a similar problem.