A decentralized health records management system where users store encrypted health records on-chain with TEE-based encryption/decryption and maintain full control over access and sharing.
- View "Register" button for new users
- Call-to-action: "Register User"
- For registered users:
  - View "Upload Health Record" button
  - View list of previously uploaded health records
  - Each record shows:
    - File name / description
    - Upload timestamp
    - Share icon/button to grant access
  - Call-to-action: "Upload Health Record"
- Connect wallet (via Solana Mobile Wallet Adapter)
- Create user health vault account on-chain (register user's public key)
- Confirmation screen: "Registration Successful"
- Select health document type (e.g., PDF, image, JSON, etc.)
- Data encrypted locally inside a TEE
- Encrypted data is stored on IPFS
- CID and access control list are stored on chain
- Confirmation message + record listed in user's dashboard
- View list of all uploaded records
- User can filter records by type or date
- Each entry includes:
  - Record name
  - Description
  - Timestamp
  - Share icon to manage permissions
- Decrypted data rendered securely on mobile
- Click on "Share" icon next to a record
- Choose organization from list
- Smart contract updates access control list
- Organization accesses the record, decrypted inside the TEE
- User sends health record to TEE enclave
- TEE encrypts the record with its public key and returns the encrypted data
- The encrypted data is sent to IPFS, which returns the CID
- User submits CID to smart contract
- Contract stores CID on Solana
- User record is stored in a PDA with seeds ["user", userAddr, recordID]
- User requests their health record from contract
- Contract returns CID to user and then the data is fetched from IPFS
- Encrypted data is returned from IPFS
- TEE decrypts and returns readable record
- User grants access permission to organization
- Organization can retrieve encrypted record from contract
- Organization uses TEE to decrypt (with user's permission)
- Access is logged and can be revoked anytime
- Create user health vault account on chain
- Initialize the record counter
- Store user's public key and user metadata
- Track total records stored per user
- Store Health Record On Chain
- Store CID of the encrypted data on-chain
- Each record has unique ID and metadata
- Store record info: category, date, file type, size, access list of organisations
- Link all records to user account
- Grant access permissions to organizations
- Optional: Set time-limited access (24hrs, 7days, 30days)
- Allow users to revoke access anytime
- Return encrypted records to authorized users
- Verify user ownership before retrieval
- Check organization permissions before sharing
- Deploy secure enclave for encryption/decryption
- User key management within TEE
- Set up attestation verification
- Implement methods for encryption and decryption of user health records.
- Secure communication channel with TEE enclave
- Verify TEE attestation before operations
- Encrypted data processing only in TEE
- Only record owner(user) can grant/revoke permissions
- Validate permissions before any data access
- Time-based expiration for organization access
- IPFS stores the data which is encrypted by the TEE
- TEE encryption/decryption workflow
- Health record storage and retrieval
- Access permission granting/revoking
- User account management
- Organization access validation
- TEE attestation verification
- Unauthorized access prevention
- End-to-end encrypt-store-retrieve flow
- Multi-organization sharing scenarios
- TEE-blockchain communication
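
The access rules listed above (owner-only grant and revoke, optional time-limited access, permission check before a record is returned) can be modelled in a few lines of plain Rust. This is an added example, not the HealthLock Anchor program: the `Record` type, its methods and the error enum are hypothetical, keys are raw 32-byte arrays, and timestamps are passed in as unix seconds rather than read from the chain.

```rust
// Added example: in-memory model of the access rules, not the HealthLock program.
// All type and function names here are hypothetical.
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
pub enum AccessError { NotOwner, NotGranted, Expired }

pub struct Record {
    pub owner: [u8; 32],
    pub cid: String,
    // organisation key -> expiry in unix seconds; None means no time limit
    pub access: HashMap<[u8; 32], Option<i64>>,
}

impl Record {
    pub fn new(owner: [u8; 32], cid: &str) -> Self {
        Record { owner, cid: cid.to_string(), access: HashMap::new() }
    }

    // Only the record owner may grant; ttl_secs is e.g. 86_400 for 24 hours.
    pub fn grant(&mut self, signer: [u8; 32], org: [u8; 32], now: i64,
                 ttl_secs: Option<i64>) -> Result<(), AccessError> {
        if signer != self.owner { return Err(AccessError::NotOwner); }
        // Re-granting overwrites any earlier expiry for the same organisation.
        self.access.insert(org, ttl_secs.map(|t| now.saturating_add(t)));
        Ok(())
    }

    // Only the record owner may revoke; revoking a missing grant is an error.
    pub fn revoke(&mut self, signer: [u8; 32], org: [u8; 32]) -> Result<(), AccessError> {
        if signer != self.owner { return Err(AccessError::NotOwner); }
        self.access.remove(&org).map(|_| ()).ok_or(AccessError::NotGranted)
    }

    // Returns the CID only to the owner or to an organisation with an unexpired grant.
    pub fn cid_for(&self, caller: [u8; 32], now: i64) -> Result<&str, AccessError> {
        if caller == self.owner { return Ok(self.cid.as_str()); }
        match self.access.get(&caller) {
            None => Err(AccessError::NotGranted),
            Some(Some(exp)) if now >= *exp => Err(AccessError::Expired),
            Some(_) => Ok(self.cid.as_str()),
        }
    }
}

fn main() {
    let (user, org) = ([1u8; 32], [2u8; 32]); // constructed sample keys
    let mut rec = Record::new(user, "constructed-sample-cid");
    rec.grant(user, org, 1_000, Some(86_400)).unwrap();
    println!("{:?}", rec.cid_for(org, 2_000));          // inside the 24-hour window
    println!("{:?}", rec.cid_for(org, 1_000 + 86_400)); // at the expiry instant
}
```

The expiry comparison is inclusive, so a grant is already rejected at the exact second it expires, and an expired entry stays in the list until the owner revokes or re-grants it.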
git clone https://github.com/vitwit/healthlock.git
cd healthlock

Ensure the following tools are installed:
- Rust
- Solana CLI
- Anchor
- Node.js (v18+ recommended)
- React Native CLI
- Android Studio
solana-test-validator

Leave this running in a terminal.
anchor build
anchor deploy

npx ts-node client/client.ts

Make sure your local wallet is configured and funded:
solana config set --url http://127.0.0.1:8899
solana airdrop 2

cd tee-client
make build
./tee-client start --config example.config.toml

This will start the simulated Trusted Execution Environment (TEE) server.
Leave this running in the background as it handles encryption/decryption.
In a new terminal window:
cd frontend
npm install
npm run start

Make sure an Android emulator is running, or your phone is connected via USB with USB debugging enabled.
Once the frontend launches:
- Tap Register to create your on-chain vault.
- Upload encrypted health records (stored on IPFS).
- View your uploaded records.
- Share with organizations securely via smart contract-based access control.
- Health data is encrypted within a Trusted Execution Environment (TEE).
- Only users have decryption keys; even the TEE provider cannot access raw data.
- IPFS is used to store the encrypted records off-chain.
- On-chain smart contracts store metadata and access permissions.
- Organizations must register and be granted permission to access records.
- programs/ - Anchor-based Solana smart contracts.
- client/ - Script to initialize on-chain state.
- tee-client/ - Simulated Trusted Execution Environment.
- frontend/ - React Native app to interact with the system.