Instant personalization security

摘要

A method and system for instant personalization security are provided. The system includes a platform for a user to open applications and/or access web sites. When an application is integrated with the platform, the identification of the application can be combined with the ID of the user and encrypted into a hashed ID. The application does not have access to the user's fully identifying profile (e.g., UID or other public information). Instead, the application only has access to a pseudonymous profile (e.g., the hashed ID, first name, last initial, small profile pictures, and/or other non-fully identifying profile information) of the user. One or more options are then provided for the user to authorize or reject the application to access the user's fully identifying profile. Upon the user's authorization, an access token is provided to the application to access a subset of the user's fully identifying profile.

主权项

1. A method comprising:
providing a platform for a user to use applications and/or access web pages; when an application or a web page is integrated with the platform, combining at least an identifier of the application or the web page (application ID) with an identifier of the user (UID) and the birthday of the user in a social networking system into a combined string; encrypting the combined string into a hashed ID according to a hash function; linking the hashed ID with a pseudonymous profile of the user, wherein the pseudonymous profile includes the user's profile picture, URLs, first name, or last initial; providing, to the application or the web page, the hashed ID to identify the user; providing one or more options for the user to authorize or reject the application or the web page to access the user's fully identifying profile; and upon the user's authorization, providing the application or the web page an access token to access a subset of the user's fully identifying profile in the social networking system.