Tutorial: Private e-Commerce Company #35
Description
The Private E-Commerce Company wants to strengthen consumer privacy in the area of e-commerce. We have three entities; the Seller, the Shipper and the Buyer. The Seller sells the Product to the Buyer. The Seller then ships the Product to the Buyer using the Shipper's shipping service.
Make the case concrete, like an online bookstore. How can we maximize security and privacy? I.e. principle of least privilege and data minimization.
When the buyer has paid the seller generates a public--private key pair, gives the private key to the buyer and the public key to the shipper. The buyer uses the private key to sign the receipt of delivery, the shipper can verify it's the right person and the seller can verify that the package has been delivered to the right person.