Apply Military grade security with SplitKey Cryptography

100%

More user trust & secured

0%

Chance of data being hacked

100%

Reusable component
Strategizing solution for enterprise data security

Implementing Enterprise Data Security

Click here to download

Customer Overview

iQabinet is a SaaS platform designed to simplify how individuals and families store, manage, and share sensitive personal documents with trusted professionals. From financial records and medical information to household utilities and institutional credentials, the platform centralizes high-value data and keeps users informed through secure sharing and real-time alerts. As a product built around deeply confidential information, enterprise data security sits at the core of iQabinet’s value proposition.

Project Overview

Given the sensitivity of the data iQabinet manages, the team required a security model strong enough that even if the underlying data were stolen, exposed, or accessed outside the platform, it would remain unreadable and impossible to decode. They decided to apply Split Key Cryptography, where each user’s data is encrypted with a private key that is locked by the user’s password and then split into two independent components. One part stays with the system, and the other is shared with the user, and neither piece can reveal or reconstruct the original key on its own. iQabinet partnered with TenUp to translate this design into a production-ready implementation that delivers uncompromising, end-to-end data security for every user.

Challenges

TenUp faced a series of cryptographic and usability challenges that required rethinking key management, strengthening data protection across two databases, and maintaining a seamless user experience without weakening security.

  • Selecting the right cryptographic algorithm that delivers strong security without compromising performance for encrypting and decrypting high-volume user data by evaluating options like RSA and AES.
  • Designing a secure mechanism to lock each user’s private key with their password and then split that password into two independent components, while ensuring the system-stored portion could never be compromised.
  • Guaranteeing reliable and tamper-proof delivery of the user’s shareable key, since any loss or failed delivery would leave users unable to decrypt their own data.
  • Improving the login experience so that users do not need to manually upload their shareable key during every authentication attempt, while still preserving the integrity of Split Key Cryptography.
  • Creating centralized, cross-cutting cryptographic functions that automatically encrypt data on writes and decrypt it on reads across both MongoDB (storing unstructured data) and PostgreSQL (storing relational user information), removing the risk of developers handling encryption inconsistently.
  • Ensuring secure storage and retrieval of highly sensitive documents such as financial statements and medical records, including preventing unauthorized access or downloads even if the underlying storage were compromised.

Solution

TenUp translated iQabinet’s Split Key Cryptography design into a production-grade military grade encryption software architecture, combining distributed credentials, hybrid RSA–AES encryption, controlled key delivery, and centralized cryptographic operations to ensure end-to-end protection across every data flow.

  • Implemented a Split Key Cryptography model combining RSA and AES, using RSA only for private-key protection and AES for high-performance encryption/decryption of user data to maintain strong security without compromising speed.
  • Generated an RSA private key for each user at registration, locked it with the user’s password, and created a unique 18-character AES secret encrypted with that private key for all subsequent cryptographic operations.
  • Designed a distributed-credential mechanism that splits the user password into two mathematically independent components (shareable and non-shareable) and ensures the password cannot be reconstructed even if both strings are exposed.
  • Secured the system-stored (non-shareable) component using a master private key protected by AWS KMS, keeping server-side credential fragments inaccessible to attackers.
  • Built a controlled workflow forcing users to download their shareable key immediately after registration, with a timed deletion on the server and audit checks that block content creation until the key is successfully downloaded or regenerated.
  • Strengthened login flows by validating username, password, and the user-held shareable key on every authentication event to preserve the integrity of Split Key Cryptography.
  • Added a centralized cryptography layer that implicitly encrypts data on every write and decrypts it on every read across MongoDB, PostgreSQL, and S3, ensuring consistent protection without requiring developers to handle encryption logic.

Benefits

The Split Key Cryptography implementation strengthened iQabinet’s enterprise data security posture by providing protection comparable to military cryptography standards and unlocked meaningful business gains.

  • Strengthened user confidence through end-to-end encryption of all stored data, backed by HTTPS-secured communication across the platform.
  • Eliminated exposure risk even in breach scenarios because data cannot be decrypted without both password fragments, protecting the business from liability while ensuring uncompromised user privacy.
  • Enabled the client to package and reuse the Split Key Cryptography implementation as an independent library, creating an additional value stream beyond the core product.

Technology

  • RSA
  • AES
  • AWS KMS
  • MongoDB
  • PostgreSQL
  • Amazon S3
  • HTTPS/TLS
  • Custom cryptography layer
  • Mathematical splitting algorithm

Industry

  • SaaS
Planning to implement enterprise data security

Conclusion

TenUp implemented Split Key Cryptography to help iQabinet apply enterprise data security with military-grade protection to its centralized database management system. This tailor-made solution not only optimized operational efficiency but also provided unparalleled modularity. As a result, iQabinet was able to maintain its market-leading position and expand its customer base.

Frequently asked questions

What makes Split Key Encryption different from standard encryption?

faq arrow

Split Key Encryption differs from standard encryption by dividing the key into separate, independent shares so no single system or person ever holds the full key. Unlike standard encryption—where one complete key is stored and becomes a single point of failure—split keys require multiple shares to decrypt data, making breaches far less effective and security far more resilient.

What is Enterprise Data Security and why does it matter for SaaS platforms?

faq arrow

Enterprise Data Security protects an organization’s sensitive data from unauthorized access, breaches, and misuse. For SaaS platforms, it matters because user information lives in the cloud—making strong encryption, access control, and continuous monitoring essential to prevent data leaks, meet compliance, and maintain customer trust.

How does Split Key Encryption strengthen Enterprise Data Security?

faq arrow

Split Key Encryption strengthens enterprise data security by dividing the encryption key into multiple independent shares so no single system can decrypt data on its own. Even if one server, device, or admin account is breached, the attacker gets nothing—eliminating single points of failure and dramatically reducing the risk of insider or external compromise.

How does Split Key Encryption improve enterprise data security for SaaS products?

faq arrow

Split Key Encryption improves enterprise data security for SaaS products by splitting the decryption key into separate shares so no single system—including the SaaS provider—can access user data alone. This prevents unauthorized access, reduces insider-risk, and gives enterprises full control over their encrypted data, even in multi-tenant cloud environments.

What are the biggest enterprise data security risks for document-storage platforms?

faq arrow

The biggest enterprise data-security risks for document-storage platforms include unauthorized access, credential theft, misconfigured cloud storage, insecure APIs, and weak or inconsistent encryption. These issues can expose sensitive files to breaches or leaks. Modern platforms mitigate them with strong key management, access controls, continuous monitoring, and a centralized cryptography layer.

Is Split Key Encryption scalable for large enterprise workloads?

faq arrow

Yes. Split Key Encryption is highly scalable when used with a hybrid model, where split keys protect the master key and fast symmetric encryption handles bulk data. This lets enterprises secure millions of records across distributed systems without adding latency or bottlenecks.

How does Split Key Encryption prevent insider threats?

faq arrow

Split Key Encryption prevents insider threats by ensuring no single employee, admin, or system ever holds the full decryption key. Each party only has an isolated key share that reveals nothing on its own, so even with full database or server access, insiders cannot decrypt user data without the missing shares.

Why is Split Key Encryption becoming popular in high-risk industries?

faq arrow

Split Key Encryption is growing popular in high-risk industries because it removes single points of failure and ensures no provider, insider, or attacker can access full decryption keys. By distributing key shares across multiple parties, it offers stronger breach resistance, regulatory compliance, and unmatched protection for sensitive financial, medical, and identity data.

Download Case Study
Contact us