TRUSTED THIRD PARTY (TTP)

As a trusted party, we manage our clients' keys necessary for encryption and decryption. We also advise companies on setting up trusted party models. Particularly in the fields of medicine, healthcare and in connection with behavior-specific data (e.g., from human resources), it is important for all parties to establish a neutral body that ensures that individuals cannot be identified and that the business case is considered.

What is a trusted third party?
What services does TTP provide?
Wie starten wir ein TTP Projekt?

What is a trusted third party?

A trusted third party (TTP) for data keys is a trusted third party that is responsible for securely managing and providing cryptographic keys. These keys are used to encrypt or decrypt data and play a critical role in protecting the confidentiality, integrity, and authenticity of information.

The main tasks of a trusted third party for data keys include:

  • Key management: TTP creates, stores, and manages cryptographic keys. This includes generating keys, distributing them to authorized parties, securely storing them, and updating or renewing keys regularly.
  • Key exchange: TTP supports the secure exchange of keys between communication partners. This can be done through various methods, including asymmetric key exchange protocols or the use of key distribution solutions.
  • Certification and authentication: TTP can issue and manage certificates to verify the identity of users or entities. These certificates serve as digital IDs and are used to ensure the authenticity of communication partners.

Examples of TTP business cases include:

  • Medical service provider requires pseudonymization of medical data
  • Health app for analyzing data
  • Transfer of human resource data for analyzes
  • Clinical studies with external providers
  • Pseudonymization of telephone survey data
  • Sensitive traffic data (GPS)

What services can SIDD provide as a trusted third party?

As a trusted third party for data keys, we offer a range of services to ensure that system providers do not have access to their customers' data. This includes:

  • Create pseudonymization keys according to your specifications: We generate pseudonymization keys in accordance with your specific requirements and security policies. These keys are used to pseudonymize personal data and thus protect it from unauthorized access.
  • Safe storage and storage of keys: Our highly secure storage systems ensure reliable storage of your keys. With robust encryption techniques and strictly controlled access mechanisms, we ensure that your keys are protected against unauthorized access.
  • Function as trustee for private keys for encryption and/or pseudonymization: As a trustee, we manage your private keys to encrypt and/or pseudonymize sensitive data. We guarantee their integrity while preventing unauthorized access.
  • Technical advice: Our experts provide comprehensive technical advice on all aspects of key management and data pseudonymization. From selecting suitable encryption algorithms to implementing robust security measures, we are here to support you with our expertise.
  • Coordination of stakeholder communication: We coordinate and communicate between all relevant parties to ensure that your data keys are effectively managed and that your data protection requirements are met.
  • Development of pseudonymization solutions by our privacy engineers and developers: If required, our experienced privacy engineers and developers develop customized pseudonymization solutions that meet your specific requirements. We combine proven methods with innovative approaches to maximize the protection of your sensitive data.

With our comprehensive services as a trusted third party for data keys, you can be sure that your data is safe and secure at all times.

How do we start a TTP project?

After a free initial consultation, in which we clarify the details of your requirements, we will provide you with an offer. After the assignment, we create a project plan with timeline, etc. and proceed as follows:

Project planning & stakeholder onboarding

Together, we create a project plan for your key management project. Depending on the timeline, we also involve your other stakeholders (mostly customers)

Kick-off meeting

In the kick-off meeting, the project plan is discussed, and communication channels are defined.

Technology & process definition

Depending on the project, we start with technical coordination. In this step, customers usually provide their key management solution. This is then taken over by us and operated on our infrastructure.

Technical implementation

As part of implementation, the systems are set up or even programmed first by our developers.

Testing & User Acceptance Testing

After installing and configuring key management (developed by the customer or by us), we start the test phase. Here, testing is carried out by our customers or carried out by specialized testing service providers.

Handover and go-live of key management

The last step is the transfer and productive operation of key generation and storage for the customer.