Historically, the area of end-user, peer-to-peer (P2P) social or digital content control revolved around reliance on interim social or storage platform rules or techniques limited to the particular network's identity-specific, bespoke offerings such as Dropbox® permissions, Snapchat® ephemeral behaviors, Facebook® filters and the like. In addition, mobile peer-to-peer payment solutions like Facebook® Messenger pay, Venmo®, Square®, or Stripe®, primarily involve sending money independently from one user to another by identity or handle for no related value transaction or simply paying for prescribed or pre-configured products and services, such as in an online store, auction site or shopping cart button. Traditional content monetization sites or platforms, such as, for example, eBay®, Amazon®, iTunes®, CDBaby®, TuneCore®, Hulu®, YouTube®, and Netflix® only offer sellers long lead-times to author, ingest, and monetize fixed types of content over their channel with equally long and discounted repayment cycles. Traditional storage platforms like Dropbox®, Box®, SkyDrive®, OneDrive® and iCloud® require content to be stored on their servers in order to be protected and do not offer granular tools to secure the content and authenticate user access irrespective of their location. Specific protected document or file solutions that do not rely on interim storage require pre-arranged identities, digital certificates, and modification of the source files to instrument the granular control. They also tend to be enterprise-focused in both administration, deployment and operation, assuming a centralized control pattern and management with pre-arranged instrumentation of mobile user device end points. None of these focus on the “crowd” or provide a way to monetize the content shared or hosted that mirror how dynamically and cross-channel contemporary social media and messaging work on mobile.
The issue with all of these approaches is they do not provide users with the flexibility to secure “any” content with “anyone”, regardless of the temporal user ID, network, channel, or platform, and the payment mechanisms to immediately and interactively monetize content where the seller is paid directly, P2P, with heavy fees or discounted remuneration. None of these traditional mechanisms to share, control, and monetize digital content or assets reflect the immediacy and flexibility of social media, the P2P exchange of social interaction, the ability to monetize self-authored content in real-time (such as photos, files, music, videos, messages or information/data) with peers, or the cross-platform reality of multi-channel communication and commerce. Current systems are all leveraged toward the “cloud” not the “crowd” with respect to the form, function, favor, and features of social content control, monetization and the lack thereof. Before the present system, authenticating user access to shared content generally involved users authenticating against factors or secrets to gain access to a device or cloud/website/app-based resource. All such security assertions emanated from and were authored and controlled by the hosting site or application, be it a website, cloud storage, game, media content, social media platform, chat, or messaging platform. Despite end users sharing content over said sites, apps and networks, the security was hosted and controlled by the central site, acting as a hub and spoke. P2P trust and security, as defined as authored and controlled by the peers, as opposed to by a central website or asset/resource host, has thus remained elusive. Users could only establish trust of the other peer user(s) or enforce access to their shared content through permissions and mechanisms both unique to (isolated) and under the guise of the central site or app platform or network. Ephemeral systems such as SnapChat® and Vera® only increase the complexity of managing such assets in a prescriptive way and still retain control over the ephemeral asset qualities without hints of personal control, real-time influence, and, of course, immediate monetization capabilities.
This current state of the art has left an empty hole with respect to P2P social content security, control, and monetization of digital assets and information the users share between or among third party sites, apps and networks. In addition, user-authored tools and techniques to construct, apply, and enforce said security and monetize amongst their assets and peers has been wholly absent from the prior solution due to four primary reasons. First, the hosting sites, apps, and networks hold a commercial interest in maintaining sole control over the end user security, identity, privacy (or lack thereof), and payments in so much that it serves their commercial purposes and competitive advantage. Second, these site, app, and network security tools are typically limited to the platform in question and generally do not transcend particular platforms or channels, as end users do themselves during the normal course of their digital lifecycle. Third, such walled-garden authentication and monetization tools serve primarily to verify the end user/customer to the site, thereby causing the site to proxy that trust to other users and other content without distinct and individual user control, configuration management, application, obfuscation, and/or repudiation of said credentials and contexts. Fourth, the platforms that do allow content monetization only do so for largely prescriptive content that has been ingested ahead of time and shared en-masse in a store, shopping cart, or broadcast fashion without respect to immediate authoring or sharing and individual controls. In addition, these platforms charge a considerable fee (upwards of 30-40%) for hosting and selling the prescriptive digital content (like images, songs, videos, books, files) in which they the platform collect the fees and only remit back to the seller, periodically, the discounted and often accumulated remainder. Before the present system there were no real-time, P2P content authoring and sharing, monetization and remuneration solutions for the “crowd” on mobile devices.
The first challenge is to design a system where users can simply and easily share, control, and monetize digital content from their mobile device over any platform, channel, or network. Outside of the often patronized channel or platform, the user must be able to triangulate and impose their own security and financial requirements and rigor to validate the recipient against who they are, where they are, what device they are one, when they are, what they have or do, what they must pay and what they know or can demonstrate, or a combined context of all of the above, against fixed or dynamic thresholds. They must be able to do this mutually, synchronously, asynchronously, and across disparate networks, platforms, devices and contexts.
The second challenge is to design a system where users can independently control the content they share with other users across any device, network, or platform, regardless of the content asset type, location, duplication, transmission or format, and regardless of its ownership or hosting status—in terms of content by reference (a link) or by value (an attachment). Current authentication measures generally cover control of the content at the vendor level in bespoke or proprietary walled gardens, such as Facebook®, Box®, Dropbox®, or other custom silos where rules are enforced at the point of local access, according to those platform's rules. Despite owning the content being hosted or shared, users are able to only manipulate those rules and monitor the enforcement, rather than, authoring or controlling them irrespective of the hosting platform or network.
The third challenge is to design a system where users can ideally merge the concepts of user authentication and share or asset authentication/control into a single, combined, contextual event. No share or asset is considered independent (and therefore accessible) outside of the event of access by a user or users in a particular context. In short, assets should be protected in contextual motion (during access) rather than at static rest. Balancing security in favor of this user+share authentication context generally increases protection and customization while reducing persistence and predictability, along with a host of other techniques that sidestep the liabilities, cost, complexity, lack of scalability, risk and management of traditional multi-factor or file encryption methods.
The fourth challenge is to design a system that preferably contextualizes all possible security factors into a dynamic, dependent, and interactive context as opposed to mere validation of static stored, linear or sequential credentials. The ideal trust context would preferably comprise a) one or more devices and their unique properties, presence and performance, b) location and proximity measurements according to individual or composite perspectives of the sender, recipient, device, and server, c) the voluntary or in voluntary behavior of the user and their device or devices, such as touch, gesture, motion, orientation, biometrics, sound, vision, etc., d) the time-limited access to any share by any user, and e) knowledge or secret data information whether challenged and responded, shared, self-authentication for derived/algorithmic. Any combination or isolation of these factors, in a particular context, would be required to simultaneously and interdependently authenticate the share asset and recipient access together.
The fifth challenge it to design a system that preferably maintains the end user privacy and utmost control (at a P2P level) through all of these mechanisms, offering ultimate freedom to trust, share and secure the peers and content without fear of hacks, compromise, privacy invasion, or reprisal. By creating an intelligent system of access, denial, assertion and even misdirection, the sender, receiver, and assets would remain secure and private, both physically and cognitively. It also requires systemic protection from privacy exposure with commensurate assurances the security in question is offline from the asset and platform in terms of independence and anonymity.
The sixth challenge is to provide a seamlessly integrated mobile method to monetize the sharing and control of digital content on a P2P basis where the fees and requirements are set solely by the sender, payments are remitted directly back to the sender from the recipient without interference or burdensome charges from the platform acting as a proxy, store, or “layer”. In addition, the payment mechanisms must be immediate to allow sender near real-time access to their funds and reduce costs for both the sender and recipient thus supporting a more valuable and equitable transaction. Ideally, the P2P monetization model must support both one-time and recurring (or subscription-based) payments whose validation defines initial and subsequent share access by recipients either locally or across a network. The payment mechanism must slipstream into existing sender/recipient social or e-commerce payment mechanisms already found on their mobile device and integrate with an existing social and digital e-commerce lifestyle.
Current peer authentication measures fail to offer a solution to the above challenges without the following traditional pitfalls, including: a) relying on stored value tokens, cookies or certificates (PGP—pretty-good-privacy) to pre-bake user endpoints and devices as trusted participants; b) reliance on third-party transmission of out-of-band or one-time passwords or tokens; c) naive federation of trust among different vendor systems outside the user control, thus offering a single point of repeatable failure; d) a cumbersome local storage of keys and encryption tools to simply “obfuscate” the validation or protection in terms of mathematical indirection versus true, derived and universally unique authentication; e) complete obviation of cross-context user control over their security, trust, content and privacy in deference to the moonlighting or federated hosting site, server or issued credentials; f) lack of independent user or peer authorship, participation, and ownership of the security process; and g) lack of capabilities to support user or peer maintenance or enforcement of their own privacy and integrity across disparate communication channels and platforms.
Examples of limited or deficient systems with respect to mobile peer authentication include U.S. Pat. No. 7,974,234 for a method of authenticating a mobile network node in establishing a peer-to-peer secure context between a pair of communicating mobile network nodes; U.S. Pat. No. 9,100,222, for a system and method for mobile user authentication; and U.S. Pat. No. 8,892,461 for a mobile device user behavior analysis and authentication.
Current content authoring, peer-sharing/control and messaging privacy measures fall into one of three trite types: per-user access controls; per-asset encryption; or ephemeral asset behavior. There is typically a) an unfortunate requirement for hosting of said shared content on a specific platform, b) reliance on particular endpoint identities to enforce content control, encryption or payment, c) proxied peer payments resulting in long lead times, large commissions and delayed remittance, d) system or platform limited rules for content control, ephemeral behavior or real-time control enforcement, e) inability to truly authenticate the recipient accessing or consuming the content and f) a lack of support for both synchronous or asynchronous processing of authentication, payment and asset control.
Examples of this failed or limited current systems with respect to content control and messaging privacy are demonstrated by U.S. Pat. No. 9,112,936 for systems and methods for ephemeral eventing and U.S. Pat. No. 8,909,725 for content delivery network for ephemeral objects, and U.S. Published Patent Application No. 2015/0082391 for secure messaging.
Current social or peer payment prior art are limited to specific social or payment networks, sending funds directly for no associated purpose, motivation or restriction. Current traditional e-commerce marketplace and payment prior art are limited to specific content types and require pre-arranged content preparation, approval and hosting or streaming, such as Amazon®, iTunes®, CDBaby®, TuneCore®, Hulu®, YouTube®, eBay®, Netflix®, Spotify®, etc. They are limited to specific types of content or streams for sale or subscription at a specific offering point (store, auction, stream, cart, site or in-app purchase) and are subject to considerable platform fees and restrictions. The seller/sender has no control over the flexibility of content, price, platform, placement and payment. The entire authoring, ingest, tagging, share, sell, and remittance process in these traditional systems do not reflect the immediacy, personalization and omni-channel flexibility of social media.
Examples of the failed or limited systems with respect to social or mobile payments between peers are shown in U.S. Pat. No. 8,369,828 for Mobile-to-mobile payment system and method; U.S. Pat. No. 7,848,980 for mobile payment system and method using alias; and U.S. Pat. No. 8,589,236 for Mobile payment station system and method.
Thus, based on the foregoing, what is needed is a simple, secure, and distributed mobile, peer-based asset authentication and monetization system and method that overcomes the deficiencies in the systems that are currently available. The present method and system of this disclosure solves these deficiencies and generally represents a new and useful innovation in the space of independent and interactive P2P access authentication, digital content control and P2P monetization across all networks, platforms and devices that favors the crowd over the cloud.