PPEP: A Deployable Privacy Preserving E-Commerce Protocol for Electronic Goods

Today's e-commerce transactions reveal private information of customers whose identities are ultimately disclosed during payment. When online transactions are linked to customer's identities, private information such as their health condition, religion, and ethnicity can be deduced. This private information can be used for discrimination, investigation, profiling, and other forms of privacy violations against the customer. We propose a Privacy Preserving E-Commerce Protocol (PPEP) that decouples or unlinks online transactions from customer identities, thereby giving online shoppers anonymity within e-commerce sites. PPEP is designed to work within the constraints of existing e-commerce technology and requires minimal changes at the customer and merchant sites, increasing its chances for deployability. The current protocol supports transactions for e-goods only. We also present a scheme in PPEP that enables merchants to perform customer management (i.e., reward programs or product recommendation) without revealing customers' identities to the merchants.