DCT
2:24-cv-00787
DigitalDoors Inc v. Washington Federal Bank
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: DigitalDoors, Inc. (Florida)
- Defendant: Washington Federal Bank (United States)
- Plaintiff’s Counsel: Garteiser Honea, PLLC
- Case Identification: 2:24-cv-00787, E.D. Tex., 09/25/2024
- Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas because Defendant maintains a regular and established business presence in the district, including physical bank branches and employees, and specifically targets customers within the district.
- Core Dispute: Plaintiff alleges that Defendant’s data backup and disaster recovery systems, which are asserted to be compliant with the financial industry's "Sheltered Harbor" standard, infringe four patents related to methods for granularly filtering, extracting, storing, and securing sensitive data in distributed computing systems.
- Technical Context: The technology relates to cybersecurity and data resilience, specifically methods to protect critical data from catastrophic loss by isolating it in secure, "air-gapped" digital vaults.
- Key Procedural History: The complaint does not reference prior litigation or post-grant proceedings involving the patents-in-suit. It does assert that the patents are "pioneering" and have been cited as relevant prior art in hundreds of subsequent patent applications by major technology and financial companies.
Case Timeline
| Date | Event |
|---|---|
| 2007-01-05 | Priority Date for all Asserted Patents |
| 2015-01-01 | Sheltered Harbor initiative launched (Accused Standard) |
| 2015-04-21 | U.S. Patent No. 9,015,301 Issued |
| 2017-08-15 | U.S. Patent No. 9,734,169 Issued |
| 2019-01-15 | U.S. Patent No. 10,182,073 Issued |
| 2019-04-02 | U.S. Patent No. 10,250,639 Issued |
| 2024-09-25 | Complaint Filing Date |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 9,015,301 - Information Infrastructure Management Tools With Extractor, Secure Storage, Content Analysis And Classification And Method Therefor
The Invention Explained
- Problem Addressed: At the time of invention, enterprises struggled to manage and secure information, particularly unstructured data, within increasingly open and vulnerable digital ecosystems. Conventional security was file-based, which was inadequate for protecting sensitive information that might exist within a larger, non-sensitive file, and for managing the changing sensitivity of data over its lifecycle (Compl. ¶28; ’301 Patent, col. 1:31-38, 2:28-61).
- The Patented Solution: The patent describes a method for organizing and processing data based on its content, not just its file container. The system uses a set of "categorical filters" to identify and extract specific "select content" from a data stream. This granularly selected data is then stored in corresponding secure data stores, and specific data processes (e.g., copy, archive, destroy) are associated with the data based on the activated filter, allowing for fine-grained, automated control over sensitive information ('301 Patent, Abstract; col. 3:28-4:18).
- Technical Importance: The invention represented a shift from file-level security to a more sophisticated, content-level approach to data management, enabling more robust and flexible security protocols for distributed systems (Compl. ¶28).
Key Claims at a Glance
- The complaint asserts infringement of at least independent claim 25 (Compl. ¶99).
- The essential elements of Claim 25 include:
- Providing a plurality of select content data stores operative with a plurality of designated categorical filters.
- Activating at least one filter and processing a data input to obtain "select content" and "associated select content."
- Storing the aggregated select content in a corresponding data store.
- Associating a data process (e.g., copy, extract, archive, distribution, destruction) with the activated filter.
- Applying that associated data process to a further data input based on the filter's processing result.
- The filter activation can be automatic (time-based, condition-based, or event-based) or manual.
U.S. Patent No. 9,734,169 - Digital Information Infrastructure and Method For Securing Designated Data and With Granular Data Stores
The Invention Explained
- Problem Addressed: The patent addresses the need for enhanced data security in distributed, and particularly cloud-based, computing environments where sensitive data must be protected from unauthorized access during storage and retrieval (’169 Patent, col. 1:53-2:15).
- The Patented Solution: The invention proposes a method where a cloud-based system separates data into two categories. "Security designated data" (select content) is extracted and stored in a plurality of secure "select content data stores" with strict access controls. The "remainder data" is parsed and stored separately in "granular data stores." This architectural separation reduces the attack surface by isolating the most critical data and allows for secure withdrawal and reconstruction only when access controls are satisfied (’169 Patent, Abstract; col. 3:28-4:10).
- Technical Importance: The technology provides a framework for secure data vaulting in a cloud environment by segregating critical data from non-critical data into distinct, access-controlled storage tiers (Compl. ¶¶131-132).
Key Claims at a Glance
- The complaint asserts infringement of at least independent claim 1 (Compl. ¶130).
- The essential elements of Claim 1 include:
- Providing, in a distributed cloud-based system, a plurality of select content data stores, a plurality of granular data stores, and a cloud-based server coupled by a communications network.
- Extracting and storing security designated data in the select content data stores.
- Activating a select content data store to permit access based on one or more access controls.
- Parsing remainder data not extracted and storing it in the granular data stores.
- The parsing and storing of remainder data includes both random and predetermined algorithmic methods.
- Withdrawing the security-designated data and parsed remainder data only when the respective access controls are applied.
U.S. Patent No. 10,182,073 - Information Infrastructure Management Tools With Variable and Configurable Filters and Segmental Data Stores
- Technology Synopsis: This patent discloses a method for creating a data processing infrastructure where data throughput is organized by a plurality of filters. The invention's focus is on the dynamic nature of these filters, which can be altered by expanding or contracting the scope of sensitive or select content, or by changing their classification scheme. The system then generates modified filters based on these alterations to process subsequent data, allowing the security framework to adapt over time (’073 Patent, Abstract; Compl. ¶182).
- Asserted Claims: Independent claim 1 is asserted (Compl. ¶166).
- Accused Features: The accused systems' use of configurable "protection policies" that can be created and modified by the enterprise to define and alter the rules for data extraction and vaulting. A screenshot from a Dell instructional video shows a user interface for selecting and modifying filter options for reports, which the complaint alleges is an implementation of this technology (Compl. ¶¶183, 185; Compl. p. 94).
U.S. Patent No. 10,250,639 - Information Infrastructure Management Data Processing Tools for Data Flow With Distribution Controls
- Technology Synopsis: This patent describes a method for "sanitizing" data in a distributed system. The system processes a data input by extracting "sensitive content" based on predefined sensitivity levels into secure extract stores, leaving "remainder data." The invention further involves applying content, contextual, and taxonomic filters to the sanitized data to obtain "inferenced" data, adding a layer of intelligent analysis to the secured information (’639 Patent, Abstract; Compl. ¶¶194, 218).
- Asserted Claims: Independent claim 16 is asserted (Compl. ¶193).
- Accused Features: The accused systems' core function of extracting critical customer financial data (the "sensitive content") into a secure vault while other data (the "remainder data") remains in the production environment. The complaint alleges that the use of filters and analytics within these systems to manage and protect data constitutes the claimed inferencing steps (Compl. ¶¶203, 215, 218, 221).
III. The Accused Instrumentality
Product Identification
- The "Accused Instrumentalities" are the data processing systems and methods that Defendant Washington Federal Bank ("WaFd") allegedly "makes, owns, operates, uses, or otherwise exercises control over" for data backup and disaster recovery (Compl. ¶96). The complaint specifies that these systems are either compliant with the "Sheltered Harbor" industry specification or provide "substantially equivalent functionality" (Compl. ¶96).
Functionality and Market Context
- The complaint alleges the accused systems create secure, segmented, and isolated backups of critical financial data to ensure recovery after a catastrophic cyberattack (Compl. ¶¶70, 73). A core feature is the creation of a "data vault," an immutable, air-gapped, and secure storage environment physically or logically separated from production and backup networks (Compl. ¶¶77, 81). Data is extracted from the production environment, converted to a standardized format, and replicated to this vault (Compl. ¶70). The complaint presents the Dell PowerProtect Cyber Recovery solution as an exemplary system that implements the Sheltered Harbor standard (Compl. ¶72). A diagram from a Dell solution brief illustrates this architecture, showing a "Production Environment" where data is extracted and a separate "Data Vault Environment" where data is replicated and secured via an "Air-gap" (Compl. ¶73, p. 32).
IV. Analysis of Infringement Allegations
'901,5301 Patent Infringement Allegations
| Claim Element (from Independent Claim 25) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| providing, in said distributed computing system, a plurality of select content data stores operative with a plurality of designated categorical filters which stores are operatively coupled over a communications network | The accused systems provide a "data vault" comprising multiple data stores (e.g., for backup, copy, lock, and analysis) that operate with "protection policies" (filters) set by the enterprise. | ¶105-108 | col. 13:28-40 |
| activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content and associated select content... as aggregated select content | The system activates protection policies to extract critical financial account information from the data stream. This is implemented using aggregated tags and metadata to identify and group the data to be protected. | ¶109-111 | col. 13:41-48 |
| storing said aggregated select content for said at least one categorical filter in said corresponding select content data store | The extracted critical account data is backed up and placed into corresponding storage units or "data trees" within the secure data vault. | ¶113-114 | col. 13:49-52 |
| and for the activated categorical filter, associating at least one data process from the group of data processes including a copy process, a data extract process, a data archive process, a data distribution process and a data destruction process | The system associates data processes like data backup (a copy/archive process) with the selected content based on the established protection policy. | ¶116-117 | col. 13:53-59 |
| applying the associated data process to a further data input based upon a result of said further data being processed by said activated categorical filter | Once a protection policy is established, all subsequent data inputs (e.g., daily data) are processed in the same way, with backups automatically going to the designated storage unit. | ¶119-121 | col. 14:1-5 |
| wherein activating said designated categorical filter encompasses an automatic activation... and said automatic activation is time-based... or event-based | The data backup process is automated to run at a designated time interval (e.g., "each night") or is triggered by an event, such as the detection of new or modified data assets. | ¶122-124 | col. 14:28-36 |
- Identified Points of Contention:
- Scope Questions: A central question may be whether the term "categorical filters," as described in the patent, can be construed to read on the "protection policies" and rule-based systems (e.g., rules based on VM folder names) alleged to be used in modern commercial data-vaulting products (Compl. ¶88).
- Technical Questions: The complaint's theory relies on the Sheltered Harbor standard as a proxy for WaFd's actual system. A key factual question for discovery will be whether WaFd's specific implementation performs each step of the claimed method, particularly the step of "applying the associated data process to a further data input based upon a result" of the initial processing.
'9,734,169 Patent Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| a method of organizing and processing data in a distributed cloud-based computing system | The accused systems are allegedly deployable in cloud environments such as Amazon Web Services, Microsoft Azure, and Google Cloud. | ¶131, 133 | col. 132:14-19 |
| providing... (i) a plurality of select content data stores...; and (ii) a plurality of granular data stores; and (iii) a cloud-based server | The accused architecture includes a secure, air-gapped "data vault" (select content stores) that is isolated from the "production and backup systems" (granular data stores). A reference architecture diagram shows this separation (Compl. p. 36). | ¶137-140 | col. 1:17-25 |
| extracting and storing said security designated data in respective select content data stores | The system extracts "critical account data" and stores it in the secure data vault. | ¶144-145 | col. 3:63-67 |
| activating at least one of said select content data stores...permitting access...based upon an application of one or more of said access controls | Access to the data vault is strictly controlled by security measures like multi-factor authentication and least-privilege access concepts. | ¶149-150 | col. 4:1-6 |
| parsing remainder data not extracted... and storing the parsed data in respective granular data stores | Data not extracted as critical remains in the production and backup systems outside the vault. | ¶152-153 | col. 4:7-10 |
| including both (i) randomly parsing and storing said remainder data, and (ii) parsing and storing said remainder data according to a predetermined algorithm | The complaint alleges that data traffic is encrypted (equated with "randomly parsed") and that data is backed up according to predetermined policies. | ¶155-156 | col. 4:11-16 |
| withdrawing some or all of said security designated data and said parsed data from said respective data stores only in the presence of said respective access controls applied thereto | Data is withdrawn from the vault for restoration only after satisfying strict security protocols and access controls. | ¶158-160 | col. 4:17-22 |
- Identified Points of Contention:
- Scope Questions: It may be disputed whether the Defendant's system, if partially on-premises, qualifies as a "distributed cloud-based computing system" as the claim requires. The complaint asserts optional cloud implementation, but the nature of WaFd's actual deployment will be critical (Compl. ¶133).
- Technical Questions: The complaint's allegation that standard encryption of data in the production environment constitutes "randomly parsing and storing" may be a point of technical and legal contention, as "parsing" typically implies a structural analysis of data, not just its cryptographic transformation.
V. Key Claim Terms for Construction
The Term: "categorical filters" (from ’301 Patent, Claim 25)
Context and Importance: This term is fundamental to the invention, as it defines the mechanism by which sensitive or important "select content" is identified for extraction and special handling. The breadth of this term's construction will likely determine whether modern, rule-based data management policies fall within the scope of the claims.
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The specification states that enterprise-designated filters are used to "screen data for enterprise policies" covering a wide range of categories, including privacy, financial, health care, and legal policies ('301 Patent, col. 12:5-15). This may support an interpretation that includes any enterprise-defined rule set for data selection.
- Evidence for a Narrower Interpretation: The patent repeatedly uses examples tied to hierarchical security classifications (e.g., Top Secret, Confidential) and taxonomic systems ('301 Patent, col. 18:26-34). A defendant may argue that the term should be limited to these more structured, hierarchical classification schemes rather than general business rules.
The Term: "parsing remainder data" (from ’169 Patent, Claim 1)
Context and Importance: This term describes the action performed on the data that is not extracted into the secure vault. Its definition is critical because the claim requires this "parsed" data to be stored separately. The infringement theory depends on mapping this term to the operations of the accused systems.
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The patent does not appear to provide an explicit definition of "parsing" that would limit it. The complaint alleges that encryption constitutes "randomly parsing" (Compl. ¶156), suggesting an argument that any transformation or processing of the data could qualify.
- Evidence for a Narrower Interpretation: In computer science, "parsing" generally refers to analyzing a string of symbols or data to understand its grammatical structure. The patent's abstract describes a process of separating "select content data" from "granular data," which suggests a structural separation. A defendant could argue that merely encrypting a data block or leaving it "as is" in a backup file does not constitute "parsing" in the manner required by the claim.
VI. Other Allegations
- Indirect Infringement: The complaint focuses on allegations of direct infringement, stating that Defendant "makes, owns, operates, uses, or otherwise exercises control" over the accused systems and that the systems themselves "directly perform... all infringing steps" (Compl. ¶¶96, 99, 130). The complaint does not plead specific facts to support induced or contributory infringement.
- Willful Infringement: The complaint alleges willfulness for all four patents based on continued infringement after Defendant received notice of the patents, at least by service of the complaint (Compl. ¶¶126, 162, 189, 224). A standalone count for "Knowledge and Willfulness" further alleges that Defendant had, or should have had, notice as early as November 21, 2023, due to awareness of similar lawsuits against competitor financial institutions. The complaint also alleges a policy of "willfully blind[ing]" itself to the patent rights of others (Compl. ¶¶227-228).
VII. Analyst’s Conclusion: Key Questions for the Case
- A core issue will be one of definitional scope: can claim terms like "categorical filter," which are described in the patents with examples from government security classification, be construed broadly enough to read on the modern, rule-based "protection policies" used for disaster recovery in the commercial financial industry?
- A key evidentiary question will be one of technical implementation: the infringement allegations are based largely on the public specifications of the "Sheltered Harbor" standard and exemplary third-party products. The case will likely depend on whether discovery shows that Washington Federal Bank's actual, internal systems perform every specific step recited in the asserted claims, or if there are material operational differences.
- A third question will be one of technical interpretation: can the Plaintiff successfully argue that standard data management operations, such as data encryption or creating routine backups, meet specific claim limitations like "randomly parsing" or "applying the associated data process to a further data input based upon a result"? The resolution of these technical arguments will be critical to the infringement analysis.