Entities & Memberships
How organizations manage members, encrypted metadata, organization-scoped search, and document access without plaintext membership rosters.
An entity represents an organization in Literal: a company, institution, or verifier that needs to manage document access, membership, and organization-scoped search.
Entities let organizations verify and manage shared document workflows without requiring the application server to store plaintext organization names, membership rosters, or document relationships.
Personal And Organization Scope
Literal operates in two scopes:
- Personal scope — a document holder manages their own documents and keys independently.
- Organization scope — a member operates within an organization, where document access, search indexes, and encryption keys are scoped to that organization.
A single user can operate in both scopes simultaneously.
What Is An Entity?
An entity groups members, organization metadata, shared document access, and organization-scoped search under one cryptographic boundary.
When an entity is created, the secure enclave generates an organization secret that roots entity-level encryption and search. The application server stores encrypted metadata and opaque tokens, not plaintext organization details.
See Key Hierarchy for the organization secret (EMK), entity encryption key (EEK), and the derived per-member key paths.
Membership Lifecycle
Entities support two roles:
- Admin — can add and remove members and perform all member operations.
- Member — can access entity documents and search the entity’s document pool.
Membership records are stored using blind tokens instead of plaintext user/entity foreign keys. The application server can match tokens to route authorized operations, but it cannot read the database and reconstruct which people belong to which organizations.
Pending Membership
An admin creates a membership for an intended recipient. The membership record is created in a pending state, with a hash-lock that commits to the intended member’s signing key. Until claimed, the membership cannot be used.
Claiming Membership
The intended member proves possession of the expected signing key by producing a signature that satisfies the hash-lock. After verification, the secure enclave wraps organization key material for that member.
Active Membership
After the claim succeeds, the member can decrypt organization metadata client-side and participate in organization-scoped document workflows. Claimed members also publish delivery keys that admins can use to send encrypted document access directly to that member. See Entity Deliveries for the full delivery workflow.
The claim process combines hash-locks, member-held private keys, and signature verification so intercepted invitations cannot be claimed by someone without the intended member’s key material.
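The pending-then-claim flow described above, as an added example written for this page rather than Literal's own code: modelling the hash-lock as SHA-256 of the member's Ed25519 public key, the challenge nonce and the claim-message layout are all assumptions, and the step where the enclave wraps organization key material after a successful claim is left out.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Pending is the membership record as the application server would hold it:
// an opaque hash-lock over the intended member's signing key, never the key.
type Pending struct {
	EntityID string
	HashLock [32]byte
	Nonce    []byte // fresh challenge the claimant must sign (assumed design)
}

// NewPending is the admin-side step: commit to the recipient's public key.
func NewPending(entityID string, memberPub ed25519.PublicKey) Pending {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return Pending{EntityID: entityID, HashLock: sha256.Sum256(memberPub), Nonce: nonce}
}

// claimMessage binds the proof to this entity and challenge, so a claim
// captured for one entity cannot be replayed into another entity context.
func claimMessage(p Pending) []byte {
	return append([]byte("claim:"+p.EntityID+":"), p.Nonce...)
}

// Claim is the member-side step: reveal the signing key and prove possession.
func Claim(p Pending, priv ed25519.PrivateKey) (ed25519.PublicKey, []byte) {
	return priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, claimMessage(p))
}

// VerifyClaim is the enclave-side check: the revealed key must open the
// hash-lock and the signature must verify under it before any key is wrapped.
func VerifyClaim(p Pending, pub ed25519.PublicKey, sig []byte) error {
	if h := sha256.Sum256(pub); !bytes.Equal(h[:], p.HashLock[:]) {
		return errors.New("claim rejected: key does not match hash-lock")
	}
	if !ed25519.Verify(pub, claimMessage(p), sig) {
		return errors.New("claim rejected: signature does not prove possession")
	}
	return nil
}
```

An intercepted invitation carries only the hash-lock and nonce, so a holder of a different key fails the first check, and a signature produced for one entity fails the second check when presented against another entity's record.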
Zero-Knowledge Membership
Membership records do not store plaintext user/entity relationships. Instead, they use one-way tokens and encrypted membership identity.
A database dump reveals membership records, token equality, and encrypted blobs, but not a plaintext roster of which people belong to which organizations.
See Blind Routing for the broader relationship-tokenization model.
Encrypted Membership Identity
Each membership stores an encrypted member identifier sealed inside the enclave and bound to the specific entity. The application server stores only the ciphertext.
Because the seal is entity-bound, an encrypted identifier from one entity cannot be replayed into another entity context.
Entity-Level Encryption
Each entity has organization-scoped key material for:
- encrypted organization metadata
- organization search tokens
- member-specific document access paths
These keys are derived from the entity’s secret inside the secure enclave. Members receive only the wrapped key material they are authorized to use.
See Key Hierarchy for the full key model.
Entities let organizations coordinate encrypted document workflows while keeping organization metadata, membership rosters, and document relationships out of plaintext application storage.
Related Concepts
- Key Hierarchy — how entity master keys, member keys, and document keys are derived.
- Grants & Sharing — how documents are shared within and across entities through cryptographic grants.
- Entity Deliveries — push an encrypted document key directly to a specific member.
- Blind Routing — how Literal routes requests without learning which entity or user is involved.
- Zero-Knowledge Model — the broader security model that underpins entity privacy and encrypted membership identity.