A practical customer privacy protection on shared servers

Customer privacy protection is very important in an e-commerce site. Without such protection, the customers may not be willing to provide personal information or conduct business at the site. Therefore, the merchant should protect its customer information in order to gain customer trust. In this paper, an approach for protecting customer information on shared servers is presented. The proposed method provides customer privacy by encrypting the customer information at the client machine and allows the key to be shared between the customer and the merchant. The encrypted customer information is sent and stored on the shared server. Therefore, attackers cannot access the customer information while the merchant can easily obtain such information. To make it practical, the technique is implemented in software and is transparent to the customer. Furthermore, this solution to protect customer privacy does not significantly increase the cost to develop and deploy the system.