DCT
7:25-cv-00110
DigitalDoors Inc v. WestStar Bank
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: DigitalDoors, Inc. (Florida)
- Defendant: WestStar Bank (Texas)
- Plaintiff’s Counsel: Garteiser Honea, PLLC
- Case Identification: 7:25-cv-00110, W.D. Tex., 03/06/2025
- Venue Allegations: Plaintiff alleges venue is proper in the Western District of Texas because Defendant maintains a regular and established business presence in the district, including physical bank locations, and specifically targets customers there.
- Core Dispute: Plaintiff alleges that Defendant’s data backup and disaster recovery systems, alleged to be compliant with the financial industry’s “Sheltered Harbor” standard, infringe four patents related to secure, filter-based data processing and storage in distributed systems.
- Technical Context: The technology at issue involves methods for identifying, extracting, and securely storing sensitive data from larger data streams in a distributed manner to ensure survivability and enable controlled reconstruction after a catastrophic event like a cyberattack.
- Key Procedural History: The complaint asserts the patents are "pioneering" and have been cited as relevant prior art in hundreds of subsequent patent applications by major technology and financial services companies. It also alleges Defendant had notice of the patents due to prior lawsuits filed by Plaintiff against competitor financial institutions.
Case Timeline
| Date | Event |
|---|---|
| 2007-01-05 | Earliest Priority Date for all Asserted Patents |
| 2015-04-21 | U.S. Patent No. 9,015,301 Issued |
| 2015-XX-XX | Sheltered Harbor initiative launched |
| 2017-08-15 | U.S. Patent No. 9,734,169 Issued |
| 2019-01-15 | U.S. Patent No. 10,182,073 Issued |
| 2019-04-02 | U.S. Patent No. 10,250,639 Issued |
| 2023-11-21 | Alleged date of actual notice from lawsuits against competitors |
| 2025-03-06 | Complaint Filed |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 9,015,301 - "Information Infrastructure Management Tools With Extractor, Secure Storage, Analysis and Classification and Method Therefor"
- Patent Identification: U.S. Patent No. 9,015,301, "Information Infrastructure Management Tools With Extractor, Secure Storage, Analysis and Classification and Method Therefor," issued April 21, 2015.
The Invention Explained
- Problem Addressed: The patent describes a technological environment where enterprises struggled with data security due to "open ecosystems" with numerous vulnerable access points, the difficulty of managing both structured and unstructured data, and the inability to effectively classify sensitive information that changes in value over its lifecycle (Compl. ¶27; ’301 Patent, col. 1:31-2:61). Conventional systems focused on securing entire data files rather than the sensitive content within them (Compl. ¶13).
- The Patented Solution: The invention proposes a method and system for organizing and processing data in a distributed computing system by focusing on the content itself. The system uses various "categorical filters" (e.g., content-based, contextual, taxonomic) to identify and extract "select content" (important data) from a data stream, storing that extracted content in corresponding secure data stores while leaving the remainder data separate (’301 Patent, col. 3:19-38, Abstract). This allows for granular security and controlled reconstruction of information based on user authorization, enhancing security and survivability (Compl. ¶52).
- Technical Importance: This approach represented a shift from file-level security to content-level security, enabling more granular control over sensitive information within a distributed network (Compl. ¶13).
Key Claims at a Glance
- The complaint asserts independent Claim 25 (Compl. ¶98).
- The essential elements of Claim 25 include:
- A method of organizing and processing data in a distributed computing system having select content important to an enterprise.
- Providing a plurality of select content data stores operative with a plurality of designated categorical filters.
- Activating at least one categorical filter and processing a data input to obtain select content and associated contextually or taxonomically associated content.
- Storing the aggregated select content in a corresponding data store.
- Associating at least one data process (e.g., copy, extract, archive) with the activated filter.
- Applying the associated data process to a further data input.
- Wherein the filter activation is automatic (e.g., time-based, event-based) or manual.
- The complaint does not explicitly reserve the right to assert dependent claims for this patent.
U.S. Patent No. 9,734,169 - "Digital Information Infrastructure and Method for Securing Designated Data and With Granular Data Stores"
- Patent Identification: U.S. Patent No. 9,734,169, "Digital Information Infrastructure and Method for Securing Designated Data and With Granular Data Stores," issued August 15, 2017.
The Invention Explained
- Problem Addressed: The patent addresses the need for secure, resilient data storage in distributed systems, particularly in the face of cyber-attacks or other system failures that could compromise both primary data and traditional backups (Compl. ¶62, 65).
- The Patented Solution: The invention describes a method for organizing data in a "distributed cloud-based computing system." It involves providing a plurality of data stores for "security designated data" and separate "granular data stores," all managed by a cloud-based server with access controls (’169 Patent, Abstract). The system extracts the security-designated data, stores it securely, and then parses and stores the "remainder data" in the granular stores. This segregation allows for the secure withdrawal and reconstruction of critical data under strict access controls, even if the primary production systems are compromised (’169 Patent, col. 4:28-44).
- Technical Importance: The claimed invention provides an architecture for securely isolating and managing critical data within a cloud-based framework, distinct from the production environment, to ensure recovery from a catastrophic event (Compl. ¶69, 72).
Key Claims at a Glance
- The complaint asserts independent Claim 1 (Compl. ¶129).
- The essential elements of Claim 1 include:
- A method of organizing and processing data in a distributed cloud-based computing system having select content.
- Providing select content data stores, granular data stores, and a cloud-based server, with access controls at each select content data store.
- Providing a communications network coupling the stores and server.
- Extracting and storing security designated data in the select content data stores.
- Activating a data store to permit access based on applying access controls.
- Parsing remainder data and storing it in the granular data stores.
- Withdrawing security data and parsed data from their respective stores only when access controls are applied.
- The complaint does not explicitly reserve the right to assert dependent claims for this patent.
U.S. Patent No. 10,182,073 - "Information Infrastructure Management Tools With Variable and Re-Configurable Filters and Segmental Data Stores"
- Patent Identification: U.S. Patent No. 10,182,073, "Information Infrastructure Management Tools With Variable and Re-Configurable Filters and Segmental Data Stores," issued January 15, 2019.
- Technology Synopsis: This patent claims a method for creating a data processing infrastructure that uses a plurality of filters to identify and handle sensitive content. A key aspect of the invention is the ability to dynamically alter the initially configured filters—for example, by expanding or contracting what content is identified, or by changing the classification scheme—and then generating modified filters to organize subsequent data throughput (’073 Patent, Abstract; Compl. ¶181-182).
- Asserted Claims: Independent Claim 1 (Compl. ¶165).
- Accused Features: The complaint alleges infringement by systems that allow an enterprise to define, run, and monitor data protection policies, including creating new policies and modifying existing ones to change parameters for data replication and storage (Compl. ¶182, 185). A screenshot from a Dell instructional video shows a user interface for selecting and modifying filter options for generating reports, which the complaint offers as an example of this functionality (Compl. p. 94).
U.S. Patent No. 10,250,639 - "Information Infrastructure Management Processing Tools for Processing Data Flow With Distribution Controls"
- Patent Identification: U.S. Patent No. 10,250,639, "Information Infrastructure Management Processing Tools for Processing Data Flow With Distribution Controls," issued April 2, 2019.
- Technology Synopsis: This patent claims a method for "sanitizing" data by processing it through a system with multiple sensitivity levels and associated security clearances. The system extracts sensitive content based on its classification level and stores it in corresponding secure "extract data stores," while also handling "select content" (predetermined important data) and remainder data (’639 Patent, Abstract). A central feature is the use of content, contextual, and taxonomic filters to "inference" the sanitized data, allowing for advanced analysis and management (Compl. ¶217).
- Asserted Claims: Independent Claim 16 (Compl. ¶192).
- Accused Features: The complaint accuses systems that use filters to extract critical financial account information and analyze or "inference" that content to obtain sensitive information, which is then stored in a secure data vault (Compl. ¶217, 220).
III. The Accused Instrumentality
- Product Identification: The "Accused Instrumentalities" are identified as the data backup and disaster recovery systems and methods used by Defendant WestStar Bank that are compliant with the "Sheltered Harbor" specification, or are operationally equivalent (Compl. ¶95). The complaint identifies solutions from providers like Dell (the PowerProtect Cyber Recovery system) and Cobalt Iron as exemplary infringing technologies endorsed by Sheltered Harbor (Compl. ¶71, 92).
- Functionality and Market Context: The Sheltered Harbor standard is an industry-wide initiative launched in 2015 to protect the U.S. financial system from catastrophic cyberattacks (Compl. ¶62). Compliant systems are designed to create secure, immutable, and isolated backups of critical customer account data in a "data vault" (Compl. ¶69, 72). This vault is "air-gapped," meaning it is physically or logically separated from the bank's primary production and backup networks to prevent corruption (Compl. ¶76). A key process involves extracting critical financial data, converting it to a standardized format, encrypting it, and replicating it to the secure vault (Compl. ¶69). In the event of a disaster, the vaulted data can be used on a "restoration platform" to recover critical customer services (Compl. ¶70, 77). The complaint emphasizes that this is the industry standard and that Defendant, as a financial institution, implements such systems for regulatory compliance and to maintain customer confidence (Compl. ¶4, 94). The complaint provides a diagram from a Dell solution brief illustrating the data flow from a "Production Environment" to a "Data Vault Environment" via secure replication across an "Air-gap" (Compl. p. 32).
IV. Analysis of Infringement Allegations
U.S. Patent No. 9,015,301 Infringement Allegations
| Claim Element (from Independent Claim 25) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| a method of organizing and processing data in a distributed computing system having select content important to an enterprise... | Defendant is the enterprise operating a distributed system to manage and protect critical customer financial account data. | ¶99, ¶101 | col. 3:19-25 |
| providing, in said distributed computing system, a plurality of select content data stores operative with a plurality of designated categorical filters... | The Accused Instrumentalities comprise a data vault with multiple designated storage units (e.g., Backup, Copy, Lock, Analyze) that are operative with categorical filters established by the enterprise's "protection policy." | ¶104-106 | col. 3:28-38 |
| activating at least one of said designated categorical filters and processing a data input therethrough to obtain said select content and associated select content, which associated select content is at least one of contextually associated select content and taxonomically associated select content, as aggregated select content... | The Accused Instrumentalities activate protection policies (filters) to extract critical financial account information (select content), which is contextually or taxonomically associated via metadata and tags. | ¶108-110 | col. 13:14-25 |
| storing said aggregated select content for said at least one categorical filter in said corresponding select content data store; | The system stores the extracted critical data in corresponding storage units within the secure data vault. | ¶112-113 | col. 4:1-4 |
| associating at least one data process from the group of data processes including a copy process, a data extract process, a data archive process, a data distribution process and a data destruction process; | The system associates data processes like copying, archiving, and distributing data with the selected content based on the established enterprise policies for data backup and vaulting. | ¶115-116 | col. 4:5-9 |
| applying the associated data process to a further data input based upon a result of said further data being processed by said activated categorical filter utilizing said aggregated select content data; | Once a protection policy is established, all subsequent data inputs are processed in the same way, with the system creating a storage unit and automatically performing backups to it. | ¶118-119 | col. 4:10-14 |
| wherein said activating a designated categorical filter encompasses an automatic activation or a manual activation and said automatic activation is time-based, distributed computer system condition-based, or event-based. | The system performs the data processing and backup automatically on a designated time interval (e.g., nightly), upon a designated condition (e.g., new data detected), or manually ("on demand"). | ¶121-123 | col. 14:38-48 |
U.S. Patent No. 9,734,169 Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| a method of organizing and processing data in a distributed cloud-based computing system... | The Accused Instrumentalities comprise a cloud-based network of servers and software for processing and vaulting data, and can be deployed on platforms like AWS, Azure, or Google Cloud. | ¶130, ¶132 | col. 132:11-15 |
| providing in said distributed cloud-based computing system: (i) a plurality of select content data stores... (ii) a plurality of granular data stores; and (iii) a cloud-based server, each select content data store having respective access controls thereat; | The system includes a secure data vault (select content stores), production/backup systems (granular data stores), and is optionally implemented on cloud servers, with access controls like multi-factor authentication for the vault. | ¶136-139 | col. 3:34-42 |
| providing a communications network operatively coupling said plurality of select content data stores and cloud-based server; | The accused systems comprise an operatively coupled communications network that connects the production and vaulting environments. | ¶141-142 | col. 3:43-45 |
| ...extracting and storing said security designated data in respective select content data stores; | The system extracts critical financial data and stores it in the secure data vault. | ¶143, ¶146 | col. 4:28-31 |
| activating at least one of said select content data stores...thereby permitting access...based upon an application of one or more of said access controls thereat; | Access to the data vault is permitted only after satisfying security measures like multi-factor authentication. | ¶148-149 | col. 4:32-37 |
| parsing remainder data not extracted...and storing the parsed data in respective granular data stores; | Data not extracted for the vault (remainder data) is stored in production and backup systems. The complaint includes a diagram from a Dell solution brief showing "Production Workloads" and "Backup Workloads" as distinct from the "Cyber Recovery Vault" (Compl. p. 78). | ¶151-152 | col. 4:38-41 |
| withdrawing some or all of said security designated data and said parsed data from said respective data stores only in the presence of said respective access controls applied thereto. | Critical data is withdrawn from the vault and restored to the production environment only after strict access controls are satisfied. | ¶157-158 | col. 4:41-44 |
Identified Points of Contention:
Scope Questions:
- The infringement theory for the '301 Patent applies the term "distributed computing system" to modern disaster recovery architecture. A potential issue is whether the scope of this term, originating from a 2007 priority date, can be construed to read on the specific "air-gapped" and potentially "cloud-based" systems accused of infringing the later patents.
- For the '169 Patent, a central question may be whether the accused "air-gapped" data vault, which is designed to be isolated, meets the claim limitation of a "cloud-based server" that is "operatively coupl[ed]" over a communications network. The nature and persistence of that coupling may be a focus of dispute.
Technical Questions:
- The complaint equates the accused systems' "protection policies" with the patents' "categorical filters." A technical question is whether these are functionally equivalent. The analysis may focus on whether the accused systems perform the granular, content-aware filtering and classification described in the patents, or whether they perform more conventional, full-system backups that are merely directed to a secure storage location.
- What evidence does the complaint provide that the accused systems perform the claimed "parsing" of "remainder data"? The complaint alleges this occurs by storing non-extracted data in production systems, but the court may need to determine if this constitutes the affirmative "parsing and storing" steps required by Claim 1 of the ’169 Patent.
V. Key Claim Terms for Construction
Term 1: "categorical filters" ('301 Patent, Claim 25)
- The Term: "categorical filters"
- Context and Importance: This term is the core mechanism by which the invention identifies and segregates data. Its construction is critical because the infringement case hinges on mapping the accused "Sheltered Harbor" systems' "protection policies" to this term. Practitioners may focus on whether the term requires a specific type of content-based analysis or can be read more broadly to cover any rule-based system for selecting data for backup.
- Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The patent states that "designated categorical filters are used to store select content relative to the category in certain SC stores," suggesting any filter tied to a data category could qualify (’301 Patent, col. 11:57-60). Claim 25 itself lists a broad group of associated "data processes" (copy, extract, archive), which could suggest the filters are part of general data management policies.
- Evidence for a Narrower Interpretation: The specification repeatedly links categorical filters to more complex "content-based filters, contextual filters and taxonomic classification filters" (’301 Patent, col. 13:33-36). This connection to specific, sophisticated filtering types, including the use of a "Knowledge Expander (KE) search engine" (col. 10:22-32), may support a narrower construction that requires more than a simple backup policy.
Term 2: "cloud-based computing system" ('169 Patent, Claim 1)
- The Term: "distributed cloud-based computing system"
- Context and Importance: This term appears in the preamble of Claim 1 of the '169 Patent and may be treated as limiting. The infringement allegation relies on the accused "data vault" architecture falling within this definition. Defendant may argue its on-premise, physically isolated "air-gapped" vault is the antithesis of a "cloud-based" system.
- Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The patent does not appear to provide a specific definition for "cloud-based," which may lead the court to apply its plain and ordinary meaning at the time of the invention. The complaint alleges that exemplary compliant systems are designed for deployment on public clouds like AWS and Azure, suggesting the term is understood in the industry to cover such architectures (Compl. ¶132).
- Evidence for a Narrower Interpretation: The core functionality of the accused system is its isolation via an "air gap" (Compl. ¶76). This emphasis on disconnection could be used to argue against a "cloud-based" characterization, which often implies constant network accessibility. The specification's general discussion of distributed computing may not provide explicit support for equating an isolated, secure vault with a "cloud-based" system.
VI. Other Allegations
- Willful Infringement: The complaint alleges willful infringement based on Defendant’s actual notice of the asserted patents as of the date of service of the complaint (Compl. ¶226). In the alternative, it alleges notice as of November 21, 2023, due to "awareness of the patent infringement lawsuits filed by DigitalDoors against competitor financial institutions" (Compl. ¶226). The complaint further alleges that Defendant has a "policy or practice of not reviewing the patents of others" and is therefore "willfully blind to the patent rights of Plaintiff" (Compl. ¶227).
VII. Analyst’s Conclusion: Key Questions for the Case
This case appears to present three central questions for the court's determination:
- A question of technical equivalence: Do the accused "Sheltered Harbor" systems—which are described as creating immutable, air-gapped backups of critical account data based on high-level "protection policies"—perform the specific, granular, content-aware functions of the patents, such as activating "categorical filters," processing data to obtain "contextually associated select content," and affirmatively "parsing" the remaining data for separate storage?
- A question of definitional scope: Can the term "cloud-based computing system," as used in the ’169 Patent, be construed to cover a secure data vault whose defining characteristic is its physical or logical isolation from the network via an "air gap"?
- A question of direct liability: Can the Plaintiff establish that the Defendant, a bank using the accused technology for its own disaster recovery, is a direct infringer who "makes, uses... or sells" the patented methods, particularly where the system is provided by third-party technology vendors and the infringing steps may occur across different physical systems (production environment vs. data vault)?