One-Product-One-Code Anti-Counterfeit Technology Deep Dive: From QR Codes to Blockchain

The one-product-one-code anti-counterfeit system is acompound technology domain spanning cryptography, coding theory, distributed systems, and information security. On the surface, consumers scan a QR code on product packaging and see an authenticity verification result in under 1 second — but behind this is an entire complex technical system. This article starts from the technical fundamentals, deeply deconstructing the core technical principles of one-product-one-code anti-counterfeiting.

Anti-Counterfeit Code Encoding and Generation. The core of one-product-one-code is assigning each product a globally unique digital identity. Code ID generation uses a Snowflake variant — 64-bit long integer ID composed of timestamp (41 bits) + datacenter ID (5 bits) + worker ID (5 bits) + sequence number (12 bits), with a theoretical QPS ceiling of 4.096 million/second. To guarantee code uniqueness, the system sets unique constraints at the database layer and uses a pre-generation + batch allocation mechanism at the application layer — pre-occupying ID ranges in the database to reduce database contention. Code presentation formats support QR Code (QR Code Model 2, maximum version 40, capable of carrying 7,089 numeric characters), DataMatrix (ECC 200 standard), and PDF417, meeting the needs of different industries and application scenarios.

Anti-Counterfeit Code Encryption and Security Design. Uniqueness alone is insufficient for anti-counterfeiting — counterfeiters could guess code patterns to forge codes. ZhiShuYun employs a multi-layer encryption strategy: Layer 1 — the query parameter in the code's URL is not a plaintext code ID but AES-256-GCM encrypted ciphertext, with keys managed by Hardware Security Modules (HSM). Layer 2 — code generation follows a non-linear sequence; there are no inferable mathematical patterns between code IDs. Layer 3 — every code is registered server-side and bound to product information and production batch; unregistered codes cannot pass verification even with correct ciphertext format. Layer 4 — the system monitors behavioral characteristics including query frequency, geographic distribution, and query intervals, using AI models to identify batch probing and forgery attack patterns. These four layers make anti-counterfeit codes highly secure at both the theoretical and engineering levels.

Distributed Code Generation Engine Architecture. Million-scale batch code generation requires powerful compute and IO support. The code generation engine is built on a Master-Worker architecture: frontend APIs receive code generation requests, split tasks into Redis List queues; multiple Worker instances concurrently consume the queue, each Worker batch-generates codes (default batch size 10,000), writes to the database, and updates task status in Redis. To handleultra- large tenants' multi-billion code generation needs, the system implements database sharding — using tenant ID as the sharding key, distributing code data across 16 database shards. It alsointroducing local Bloom filter + Redis Bloom filter dual protection to prevent cache penetration-triggered database avalanches.tested shows 10 million codes generated in ~4 minutes, with per-code generation cost of ~0.03ms.

Complete Scan Verification Chain. Consumer scans product code → WeChat/browser parses URL → initiates HTTPS request to ZhiShuYun gateway → gateway WAF checks request legitimacy → routes to code query microservice → microservice sequentially queries local Caffeine cache → Redis distributed cache → database → returns verification result. The key bottleneck in the entire chain is the database query step; through multi-level caching, database hit rate has been reduced from 100% to below 5%, with P99 response time dropping from 200ms to 80ms. The verification result page not only displays authenticity status but dynamically assembles product traceability information (raw materials, production, quality inspection, logistics, and other nodes), brand information (logo, name, official certification seal), and marketing content (red packets, points, membership guidance).

Blockchain Notarization Technical Implementation. Key lifecycle events of anti-counterfeit codes (generation, first query, traceability node recording) are written not only to MySQL but simultaneously on-chain to the Hyperledger Fabric consortium blockchain network. The on-chain strategy uses selective recording — only critical data hash values (SHA-256) and transaction metadata are written on-chain; complete data is stored off-chain in IPFS/object storage. This design ensures immutability while avoiding the performance and storage cost issues of writingmassive data to the blockchain. The traceability information consumers see when scanning can have its integrity verified by comparing on-chain hash values against off-chain data, ensuring data has not been tampered with.