Expecting unique client machine/network profiles for each seller account seems fundamentally incompatible with a web-based access model. Then again, maybe it's merely incompatible with a Good web-based access model.
Modest proposal: Distribute smart cards and readers to sellers, and use mutual-auth TLS for everything. Or offer this as an option to anyone willing to pay $xxx for their initial sign-up fee.
Modest proposal: Distribute smart cards and readers to sellers, and use mutual-auth TLS for everything. Or offer this as an option to anyone willing to pay $xxx for their initial sign-up fee.