Anti-fake system for color-coated products and double-layer encryption and decryption method thereof

By using a two-layer encryption system combining the national cryptographic SM4 algorithm and a custom SPN structure, and generating derived keys using the PBKDF2 algorithm, the security and integrity issues of QR codes in the anti-counterfeiting system for color-coated products are solved, achieving efficient and secure product traceability and anti-counterfeiting effects.

CN122179102APending Publication Date: 2026-06-09SHANGHAI YUANZHI INFORMATION TECH

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
SHANGHAI YUANZHI INFORMATION TECH
Filing Date
2026-03-25
Publication Date
2026-06-09

AI Technical Summary

Technical Problem

The QR codes in the existing anti-counterfeiting system for color-coated products are not secure enough, making them easy to counterfeit and tamper with. Furthermore, the encryption algorithms do not conform to national cryptographic standards, making it impossible to effectively detect data integrity. The single key is easily cracked, leading to counterfeit and substandard products entering the market.

Method used

A two-layer encryption system using the national standard SM4 algorithm and a custom SPN structure is adopted. A derived key is generated by combining the PBKDF2 algorithm. Multiple rounds of obfuscation encryption are performed through character substitution and position permutation. An integrity verification mechanism is introduced to generate Base62 format ciphertext.

Benefits of technology

It significantly improves the security and anti-attack capabilities of anti-counterfeiting labels for color-coated products, ensures data integrity, meets national cryptographic standards, and improves encryption and decryption efficiency in high-concurrency scenarios, achieving the security requirement of "one item, one code".

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122179102A_ABST
    Figure CN122179102A_ABST
Patent Text Reader

Abstract

The application discloses a color-coated product anti-counterfeiting system and a double-layer encryption and decryption method thereof, and specifically comprises the following steps: in the encryption process, the first layer uses the SM4 national encryption algorithm to encrypt plaintext; the second layer derives a key based on the PBKDF2, and performs three rounds of confusion encryption on the first layer ciphertext, including character replacement and position replacement, to generate second layer ciphertext; finally, a check code is generated based on the derived key, and the last character of the second layer ciphertext is replaced to form the final ciphertext; in the decryption process, which is the reverse process of the encryption process, the same derived key is generated and the check code is verified, and the first layer ciphertext is obtained through reverse confusion processing, and then the plaintext is restored by using the SM4 decryption. The application constructs a double-layer encryption system of the national encryption algorithm and a self-defined confusion structure, meets the national encryption regulation requirements, greatly improves the randomness and anti-cracking ability of the anti-counterfeiting code through multiple rounds of confusion and integrity check, effectively prevents data forgery and tampering, and the ciphertext length is suitable for two-dimensional code coding.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of information security technology, and in particular to an anti-counterfeiting system for color-coated products and its dual-layer encryption and decryption method. Background Technology

[0002] With the rapid development of the Industrial Internet and intelligent manufacturing, the need for anti-counterfeiting and traceability of color-coated products, as important materials in industries such as construction and home appliances, is becoming increasingly urgent. Traditional color-coated product labeling often uses paper labels or simple QR codes, which are easily counterfeited, altered, or copied, leading to counterfeit and substandard products entering the market and seriously damaging corporate brand reputation and consumer rights. To address this issue, more and more color-coated product companies are printing encrypted QR codes on their product labels. Consumers or distributors can verify the authenticity of the product by scanning the QR code with their mobile phones, achieving full-process traceability. However, if sensitive product information carried in the QR code, such as production batch, date, and specifications, is stored in plaintext, it could be used to counterfeit product labels if illegally obtained. Therefore, high-strength encryption protection of QR code information has become a core technical requirement for anti-counterfeiting systems for color-coated products.

[0003] However, current QR code anti-counterfeiting technologies applied to color-coated products still have several limitations: First, insufficient security strength, with some solutions only using Base64 encoding or single symmetric encryption (such as AES), making them easy to reverse engineer; second, lack of integrity protection, failing to effectively detect data tampering during printing and distribution; third, compliance risks, as the encryption algorithms used may not comply with national cryptographic management standards; and fourth, concentrated key management risks, where a single key leak could lead to counterfeiting threats on a large number of products. Furthermore, while some solutions using asymmetric encryption (such as RSA) improve security, they suffer from problems such as ciphertext inflation, low recognition rates, and encryption / decryption efficiency unsuitable for high-concurrency mobile verification.

[0004] To address the aforementioned issues, existing technologies have proposed several improvement solutions. For example, some solutions employ the RSA public-private key system to encrypt QR code information, using asymmetric encryption to enhance security. However, this approach suffers from excessively long ciphertext lengths; a simple product code encrypted with RSA can result in highly complex ciphertext, making the QR code difficult to recognize, and both encryption and decryption are slow. Furthermore, the RSA algorithm is not part of China's national cryptographic algorithm system and does not meet national requirements for product encryption. Meanwhile, some solutions use a single-layer SM4 encryption algorithm to encrypt product information. While compliant with national standards, this method is relatively simplistic. When the key length is fixed at 16 bytes, it may still be vulnerable to brute-force attacks, and this method lacks measures to protect data integrity, failing to detect whether the QR code content has been tampered with.

[0005] While the aforementioned solutions improve the security of anti-counterfeiting systems for color-coated products to some extent, they still have significant shortcomings. Single encryption algorithms are insufficient to resist complex attacks and counterfeiting activities, and lack effective protection measures for the integrity of QR code data, failing to address printing errors, transmission problems, or malicious attacks. Furthermore, using RSA encryption can result in high QR code density, making them difficult to identify, and the single-key mechanism severely lacks depth defense capabilities, making it vulnerable to large-scale attacks. In practical application scenarios such as the development of encryption software for color-coated product identification systems, a dual-layer encryption and decryption algorithm is needed that can reliably protect product identification information, be compatible with mobile scanning verification via WeChat mini-programs and apps, and meet national cryptographic requirements. Therefore, there is an urgent need for a dual-layer encryption technology solution that combines the national cryptographic SM4 algorithm with a custom SPN obfuscation structure, ensuring high security and data integrity while outputting Base62 format ciphertext suitable for QR code encoding, thus solving the current problems faced by anti-counterfeiting systems for color-coated products. Summary of the Invention

[0006] The purpose of this invention is to overcome the shortcomings of existing technologies and provide an anti-counterfeiting system for color-coated products and its dual-layer encryption and decryption method, which can effectively improve the security of QR codes, prevent data tampering, and meet the requirements of national cryptographic standards.

[0007] This invention provides a two-layer encryption method for an anti-counterfeiting system for color-coated products, comprising the following steps:

[0008] First layer of encryption steps

[0009] Receive plaintext data to be encrypted, convert the plaintext data into hexadecimal plaintext data, and encrypt the hexadecimal plaintext data using the first key and the SM4 national cryptographic algorithm to obtain the first layer of ciphertext;

[0010] Second layer encryption steps

[0011] Based on the second key, a derived key is generated using the PBKDF2 algorithm. The derived key is then used to perform three rounds of obfuscation encryption on the first layer of ciphertext using an SPN structure to obtain the second layer of ciphertext. The obfuscation encryption process includes character substitution and position permutation.

[0012] Integrity verification steps

[0013] An integrity check code is generated based on the derived key and the second-layer ciphertext, and the last character of the second-layer ciphertext is replaced to form the final ciphertext.

[0014] Preferably, the first layer of encryption uses the ECB mode and no-fill mode of the SM4 national cryptographic algorithm to encrypt the converted plaintext data.

[0015] Preferably, the character replacement step in step two is as follows: calculate the key offset based on the derived key, find the position index of each character in the input string in the Base62 character set, extract the key byte at the corresponding position from the derived key, select addition or subtraction operation according to the parity of the character position, and replace the original character with the character at the calculated index position in the Base62 character set.

[0016] Preferably, the position permutation in step two specifically involves: creating a position obfuscation map using the Knuth random scrambling algorithm, and rearranging the positions of the character-replaced string according to the position obfuscation map to obtain the position-obfuscated string.

[0017] Preferably, the specific steps of the integrity check code are as follows: Calculate the checksum of the first n-1 characters based on the Base62 index of the character and the derived key bytes; perform a modulo addition operation between the checksum and the Base62 index of the last character to obtain the check code index.

[0018] CheckIndex=(Sum+I last mod62

[0019] Where CheckIndex is the checksum index, Sum is the checksum, and I... last The Base62 index of the last character;

[0020] Replace the last character of the second-level ciphertext string with the character at index CheckIndex in the Base62 character set.

[0021] This invention also provides a two-layer decryption method for an anti-counterfeiting system for color-coated products, used to decrypt ciphertext obtained by any of the methods described above, comprising the following steps:

[0022] First-level decryption steps

[0023] Receive the final ciphertext;

[0024] Based on the second key, a derived key is generated using the PBKDF2 algorithm; the derived key is then used to verify the integrity check code.

[0025] Verify the integrity check code, recalculate the checksum of the first n-1 characters, calculate the original last character index based on the index of the last character of the final ciphertext, and verify whether they are consistent.

[0026] After successful verification, the last character of the final ciphertext is restored to the last character of the second-layer ciphertext to obtain the second-layer ciphertext. The derived key and reverse obfuscation process are then used to perform the first-layer decryption of the second-layer ciphertext to obtain the first-layer ciphertext.

[0027] Second layer decryption steps

[0028] The first layer of ciphertext is decrypted using the first key and the SM4 national cryptographic algorithm. The decryption result is converted into a hexadecimal string format and restored to the original plaintext data.

[0029] Preferably, the reverse obfuscation process includes position inversion permutation and character inversion substitution, and the execution order of the position inversion permutation and character inversion substitution is the reverse of the order of character substitution and position permutation in the encryption method.

[0030] This invention also provides an anti-counterfeiting system for color-coated products, including:

[0031] An encryption module that performs the encryption method described in any of the preceding claims;

[0032] A decryption module that performs the decryption method as described in any of the preceding items;

[0033] The identifier processing module is used to convert the final ciphertext output by the encryption module into a product identifier, and to decode the product identifier obtained by scanning so as to input it into the decryption module.

[0034] Compared with the prior art, the present invention has the following beneficial effects:

[0035] 1. This application embodiment constructs a two-layer encryption system that combines the national cryptographic SM4 standard algorithm with a custom SPN structure, which significantly improves the security threshold of anti-counterfeiting labels for color-coated products while ensuring algorithm compliance.

[0036] 2. This application combines the SM4 algorithm with multi-round obfuscation encryption based on the SPN structure (character substitution and position permutation), and introduces PBKDF2 key derivation, resulting in a highly random and unpredictable anti-counterfeiting code. This fundamentally solves the problem that traditional serial numbers or simple encrypted traceability codes are easily reverse-engineered or forged in batches due to their single rules, truly achieving the security requirement of "one item, one code".

[0037] 3. This application's embodiments utilize Base62 encoding, effectively compressing the ciphertext length while ensuring security, and exhibiting superior encryption and decryption efficiency compared to the RSA algorithm in high-concurrency scenarios. Furthermore, the built-in integrity verification mechanism of this invention can effectively identify whether the QR code data has been tampered with after generation, ensuring the authenticity of the source data and thus improving the reliability and anti-attack capability of the entire anti-counterfeiting system. Attached Figure Description

[0038] Figure 1 This is a flowchart illustrating the dual-layer encryption and decryption method of the anti-counterfeiting system in an embodiment of this application. Detailed Implementation

[0039] The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings, so that those skilled in the art can better understand the advantages and features of the present invention, thereby making a clearer definition of the scope of protection of the present invention. The embodiments described in this invention are only some embodiments of the present invention, not all embodiments. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative effort are within the scope of protection of the present invention.

[0040] This embodiment uses the Base62 character set as an example to demonstrate the entire process of double-layer encryption. If the Base36 character set is used, the steps are completely the same as the process, except for the character set definition and the modulo radix (36).

[0041] The Base62 character set contains 62 characters: 0-9 (corresponding to indices 0 to 9), AZ (corresponding to indices 10 to 35), and az (corresponding to indices 36 to 61).

[0042] If the Base36 character set is used, the character set range is 36 characters: 0-9 (corresponding to indices 0 to 9) and az (corresponding to indices 36 to 61). The radix of all subsequent modulo operations is changed from 62 to 36, while the rest of the process remains unchanged.

[0043] Please refer to Figure 1 This invention provides a two-layer encryption method for an anti-counterfeiting system for color-coated products, specifically including the following steps:

[0044] Step 1: First Encryption

[0045] Input the string to be encrypted, which shall not exceed 32 bytes and shall be 16 bytes or an integer multiple of 16 bytes in length. In this embodiment, the plaintext is set to 12374838920250206150328000000003.

[0046] Using key Key1, which is set to baogangcaitu2025 in this embodiment, and using the SM4 national cryptographic algorithm in ECB mode for no-fill encryption, the plaintext is converted to hexadecimal format and then encrypted to obtain the first layer of hexadecimal ciphertext Cipher1: ae65a03bb99429aa7f966940ac5caac6.

[0047] In this embodiment, the block length of the SM4 national cryptographic algorithm is 128 bits, or 16 bytes.

[0048] The key length of the SM4 national cryptographic algorithm is 128 bits, or 16 bytes.

[0049] The SM4 national cryptographic algorithm uses a 32-round unbalanced structure for encryption and decryption;

[0050] ECB mode is an electronic codebook mode, where each data block is encrypted independently;

[0051] The no-padding mode requires that the length of the input data must be an integer multiple of 16 bytes, and no automatic padding is applied.

[0052] Step 2 Second Encryption

[0053] Set the key for the second layer of encryption to baogangcaitu2025, and use PBKDF2 to generate Key2, which includes four parameters: key character array, fixed salt value, number of iterations (10000 times in this case), and output key length of 256 bits. In this embodiment, the fixed salt value is an 8-byte array, calculated using the formula salt[i]=(i*31+17)%256, where i is an index from 0 to 7. The resulting fixed salt value is: [17,48,79,110,-115,-84,-53,-22]. The original key is converted into a character array, and a PBKDF2 algorithm instance is used to generate the derived key, resulting in Key2: [-20, -80,-54, -14, 22, 116, 115, 56, -64, 94, -31, 120, -111, -53, 110, -21, -14, 23,-12, 74, 69, -26, 56, -6, -128, -76, 7, 67, 107, 112, -100, -47].

[0054] A custom SPN structure is used to perform character replacement and position permutation on the first-layer ciphertext Cipher1.

[0055] In the character replacement step, it uses the Base62 character set as a dictionary. Each character corresponds to one byte of Key2 as an offset. Even-numbered bits add the key offset to the position of the original character in the dictionary, and odd-numbered bits subtract the key offset from the position of the original character in the dictionary.

[0056] in,

[0057] Before performing position replacement, a position obfuscation mapping table needs to be created using the Knuth random scrambling algorithm, resulting in: [28, 29, 30, 18, 20, 12, 8, 7, 24, 31, 14, 11, 1, 26, 17, 27, 3, 4, 15, 13, 5, 22, 25, 9, 2, 23, 6, 10, 19, 21, 0, 16]. This means that the character originally located at position 0 needs to be moved to position 28, the character originally located at position 1 needs to be moved to position 29, and so on. In this embodiment, three rounds of obfuscation processing are repeated, and the second layer of ciphertext is finally obtained as: 0W1JAKVO88KX3803OJRINFBUO0Y8J0LI.

[0058] Step 3: Add integrity check code

[0059] Let the length of the second-level ciphertext be n. Calculate the checksum Sum of the first n-1 characters, and then use the Base62 index I of the last character as the basis for the result. last Perform a modulo addition operation to obtain the checksum index CheckIndex:

[0060] CheckIndex=(Sum+I last mod62

[0061] The last character is replaced by the character with the index CheckIndex in the Base62 character set, resulting in the final ciphertext: 0W1JAKVO88KX3803OJRINFBUO0Y8J0LD.

[0062] This embodiment also provides a two-layer decryption method for the anti-counterfeiting system of color-coated products. Decryption is the reverse process of encryption, and specifically includes the following steps:

[0063] Step 1: First Layer Decryption

[0064] Receive the final ciphertext; generate the same derived key using the same second key (i.e., baogangcaitu2025) and PBKDF2 parameters as in the encryption step.

[0065] To verify the integrity checksum, let the final ciphertext length be n. Recalculate the checksum Sum' of the first n-1 characters. Based on the index CheckIndex of the last character in the final ciphertext, calculate the original index I of the last character. last = (CheckIndex - Sum' + 62) mod 62; Verify (Sum' + I last Does mod 62 equal CheckIndex?

[0066] If they match, the verification passes; if they don't match, a data integrity verification failure exception is thrown. The last character of the final ciphertext is replaced with the last character of the second-level ciphertext (recovered through reverse calculation) to obtain the second-level ciphertext.

[0067] The second ciphertext undergoes three rounds of reverse SPN structure processing, with each round including the following steps:

[0068] Position descrambling: Create a reverse mapping table of the position obfuscation mapping table, and restore the characters to their original positions according to the reverse mapping table;

[0069] Character position restoration: Based on the generated derived key and key offset, the position index of each character is found in the Base62 string. The opposite operation method is selected according to the parity of the character position. After three rounds of reverse obfuscation, the Base62 encoded string of the first layer of ciphertext Cipher1 is obtained. It is then decoded into a hexadecimal string to obtain Decrypt1.

[0070] The output hexadecimal intermediate text Decrypt1 is: ae65a03bb99429aa7f966940ac5caac6;

[0071] Converting the above Decrypt1 to a byte array yields the following result: [-82, 101, -96, 59, -71, -108, 41, -86, 127, -106, 105, 64, -84, 92, -86, -58].

[0072] Step 2: Second Layer Decryption

[0073] Using the same SM4-ECB no-padding mode decryption with the key Key1 mentioned above, the original byte array is: [18, 55, 72, 56, -110, 2, 80, 32, 97, 80, 50, -128, 0, 0, 0, 3];

[0074] Converting the decrypted original byte array to a hexadecimal string, the result Decrypt2 is: 12374838920250206150328000000003;

[0075] The above Decrypt2 is the corresponding original plaintext.

[0076] The descriptions and practices disclosed in this invention are readily apparent and understandable to those skilled in the art, and various modifications and refinements can be made without departing from the principles of this invention. Therefore, any modifications or improvements made without departing from the spirit of this invention should also be considered within the scope of protection of this invention.

Claims

1. A double-layer encryption method for anti-counterfeiting systems of color-coated products, characterized in that, Includes the following steps: First layer of encryption steps Receive plaintext data to be encrypted, convert the plaintext data into hexadecimal plaintext data, and encrypt the hexadecimal plaintext data using the first key and the SM4 national cryptographic algorithm to obtain the first layer of ciphertext; Second layer encryption steps Based on the second key, a derived key is generated using the PBKDF2 algorithm. The derived key is then used to perform three rounds of obfuscation encryption on the first layer of ciphertext using an SPN structure to obtain the second layer of ciphertext. The obfuscation encryption process includes character substitution and position permutation. Integrity verification steps An integrity check code is generated based on the derived key and the second-layer ciphertext, and the last character of the second-layer ciphertext is replaced to form the final ciphertext.

2. The double-layer encryption method for the anti-counterfeiting system of color-coated products as described in claim 1, characterized in that, The first layer of encryption uses the ECB mode and no-fill mode of the SM4 national cryptographic algorithm to encrypt the converted plaintext data.

3. The double-layer encryption method for the anti-counterfeiting system of color-coated products as described in claim 1, characterized in that, The character replacement steps in step two are as follows: calculate the key offset based on the derived key, find the position index of each character in the input string in the Base62 character set, extract the key byte at the corresponding position from the derived key, select addition or subtraction operation according to the parity of the character position, and replace the original character with the character at the calculated index position in the Base62 character set.

4. The double-layer encryption method for the anti-counterfeiting system of color-coated products as described in claim 1, characterized in that, The position permutation in step two specifically involves: creating a position obfuscation map using the Knuth random scrambling algorithm, and rearranging the positions of the character-replaced strings according to the position obfuscation map to obtain the obfuscated strings.

5. The double-layer encryption method for the anti-counterfeiting system of color-coated products as described in claim 1, characterized in that, The specific steps for the integrity check code are as follows: Calculate the checksum of the first n-1 characters based on the Base62 index of the character and the derived key bytes; perform a modulo addition operation between the checksum and the Base62 index of the last character to obtain the check code index. CheckIndex=(Sum+I last )mod62 Where CheckIndex is the checksum index, Sum is the checksum, and I... last The Base62 index of the last character; Replace the last character of the second-level ciphertext string with the character at index CheckIndex in the Base62 character set.

6. A two-layer decryption method for an anti-counterfeiting system for color-coated products, used to decrypt the ciphertext obtained by the method described in any one of claims 1-5, characterized in that, Includes the following steps: First-level decryption steps Receive the final ciphertext; The same derived key is generated based on the second key using the PBKDF2 algorithm; The derived key is used to verify the integrity check code; Verify the integrity check code, recalculate the checksum of the first n-1 characters, calculate the original last character index based on the index of the last character of the final ciphertext, and verify whether they are consistent. After successful verification, the last character of the final ciphertext is restored to the last character of the second-layer ciphertext to obtain the second-layer ciphertext. The derived key and reverse obfuscation process are then used to perform the first-layer decryption of the second-layer ciphertext to obtain the first-layer ciphertext. Second layer decryption steps The first layer of ciphertext is decrypted using the first key and the SM4 national cryptographic algorithm. The decryption result is converted into a hexadecimal string format and restored to the original plaintext data.

7. The decryption method as described in claim 6, characterized in that, The reverse obfuscation process includes position inversion permutation and character inversion substitution, and the execution order of position inversion permutation and character inversion substitution is the reverse of the order of character substitution and position permutation in the encryption method.

8. A color-coated product anti-counterfeiting system, characterized in that, include: An encryption module, wherein the encryption module performs the encryption method as described in any one of claims 1 to 5; A decryption module, wherein the decryption module performs the decryption method as described in any one of claims 6 to 7; The identifier processing module is used to convert the final ciphertext output by the encryption module into a product identifier, and to decode the product identifier obtained by scanning so as to input it into the decryption module.