The Trusted Server: A secure computational environment for privacy compliant evaluations on plain personal data

TL;DR

The paper introduces the Trusted Server, a cryptographically secure environment that enables privacy-compliant processing of personal data without reliance on human administrators, enhancing data security and privacy.

Contribution

It presents the Trusted Server as a novel secure environment that prevents data access by administrators, addressing privacy risks in traditional computational infrastructures.

Findings

Provides a sealed, inaccessible environment for data processing

Ensures data cannot be read or manipulated by unauthorized parties

Enables privacy-compliant evaluation of personal data from multiple sources

Abstract

A growing framework of legal and ethical requirements limit scientific and commercial evalua-tion of personal data. Typically, pseudonymization, encryption, or methods of distributed com-puting try to protect individual privacy. However, computational infrastructures still depend on human system administrators. This introduces severe security risks and has strong impact on privacy: system administrators have unlimited access to the computers that they manage in-cluding encryption keys and pseudonymization-tables. Distributed computing and data obfuscation technologies reduce but do not eliminate the risk of privacy leakage by administrators. They produce higher implementation effort and possible data quality degradation. This paper proposes the Trusted Server as an alternative approach that provides a sealed and inaccessible computational environment in a cryptographically strict sense. During operation or by direct physical access to storage media, data stored and processed inside the Trusted Server can by no means be read, manipulated or leaked, other than by brute-force. Thus, secure and privacy-compliant data processing or evaluation of plain person-related data becomes possible even from multiple sources, which want their data kept mutually secret.