
Trust Infrastructure for Digital Media
Designed and delivered the first independent trust infrastructure at TrustNXT, enabling end-to-end provenance and tamper-evidence for images and videos. Created a scalable serverless foundation on AWS and developed multiple full-stack applications. Shipped a multi-tenant whitelabel backend for tokenized capture flows and client SDKs. The platform exposes SDK APIs for certificate issuance (Protect), verification (Inspect), and RFC3161 timestamping, so that creators and enterprises can protect content and anyone can verify it publicly. Contributed to the open-source c2pa-ts project to keep the platform aligned with the C2PA standard.
Project Details
Client
TrustNXT GmbH
Industry
Insurtech · Trust & Safety · Digital Media
Location
Hamburg, Germany
Services
Cloud Architecture, Full-stack Development, Security & PKI Engineering, SDK Development, DevOps, Developer Experience & Documentation
Challenge
Deliver verifiable provenance and anti-tamper guarantees for insurer-grade photo/video workflows under AI manipulation threats — while keeping capture/verification UX simple and standing up secure, auditable infrastructure from scratch.
Solution
Working closely with the CTO, we implemented AWS-native microservices, multi-tenant APIs, and deep-link flows with SSR. Cross-platform SDK APIs cover Protect (ephemeral client certificates via ACM PCA), Inspect (manifest/label verification), and RFC3161 Timestamping. iOS and Android mobile apps serve as another client for the backend, offering core functionality on mobile devices. We implemented a serverless microservices architecture on AWS, developed multiple Next.js applications for different use cases, and implemented the Coalition for Content Provenance and Authenticity (C2PA) specification.
Results
- Cloud and mobile app experience for protected capture and public verification
- Scalable AWS serverless infrastructure and multi-tenant APIs
- Designed and operated Trust SDK APIs: Protect (ephemeral client certificates via ACM PCA), Inspect (label verification), and RFC3161 TSA
- Built a multi-tenant whitelabel backend with token lifecycle, secure photo ingestion, inspection pipeline, and React SSR deep-link landing
- Developed TypeScript Web SDK and Kotlin Android SDK with documented flows (Fumadocs); collaborated on iOS SDK without owning the iOS app
- Set up developer experience and observability: CloudWatch dashboards/alarms, Slack ChatOps, Swagger UI, LocalStack
- Contributed to open-source c2pa-ts (TypeScript C2PA implementation by TrustNXT), aligning product with industry standards
- Enabled insurer-focused demos and pilots for fraud-resilient capture and verification