In cryptography, a trusted third party (TTP) is an entity which facilitates interactions between two parties who both trust the third party; the Third Party reviews all critical transaction communications between the parties, based on the ease of creating fraudulent digital content. In TTP models, the relying parties use this trust to secure their own interactions. TTPs are common in any number of commercial transactions and in cryptographic digital transactions as well as , for example, a certificate authority (CA) would issue a digital identity certificate to one of the two parties in the next example. The CA then becomes the Trusted-Third-Party to that certificates issuance. Likewise transactions that need a third party recordation would also need a third-party repository service of some kind or another.
'Trusted' means that a system need to be trusted to act in your interests. But it has the option (either at will or involuntarily) to act against your interest. 'Trusted' also means that there is no way to verify if that system is operating in your interests, hence the need to trust it. Corollary: if a system can be verified to operate in your interests, it would not need your trust. And if it can be shown to operate against your interests one would not use it.
Suppose Alice and Bob wish to communicate securely — they may choose to use cryptography. Without ever having met Bob, Alice may need to obtain a key to use to encrypt messages to him. In this case, a TTP is a third party who may have previously seen Bob (in person), or is otherwise willing to vouch that this key (typically in an identity certificate) belongs to the person indicated in that certificate, in this case, Bob. In discussions, this third person is often called Trent. Trent gives it to Alice, who then uses it to send secure messages to Bob. Alice can trust this key to be Bob's if she trusts Trent. In such discussions, it is simply assumed that she has valid reasons to do so (of course there is the issue of Alice and Bob being able to properly identify Trent as Trent and not someone impersonating Trent).
How to arrange for (trustable) third parties of this type is an unsolved problem. So long as there are motives of greed, politics, revenge, etc., those who perform (or supervise) work done by such an entity will provide potential loopholes through which the necessary trust may leak. The problem, perhaps an unsolvable one, is ancient and notorious. That large impersonal corporations make promises of accuracy in their attestations of the correctness of a claimed public-key-to-user correspondence (e.g., by a certificate authority as a part of a public key infrastructure) changes little. As in many environments, the strength of trust is as weak as its weakest link. When the infrastructure of a trusted CA is breached the whole chain of trust is broken. The 2011 incident at CA DigiNotar broke the trust of the Dutch governments PKI, and is a textbook example of the weaknesses of the system and the effects of it. As Bruce Schneier has pointed out, after the 2013 mass surveillance disclosures, no third party should in fact ever be trusted.