SQRC : QR Codes sécurisés avec données chiffrées
DENSO WAVE's Secure QR Code: dual public/private data, encryption architecture, authorised reader requirements, and use cases.
SQRC: Secure QR Codes with Encrypted Data
SQRC (Secure QR Code) is a proprietary technology from DENSO WAVE (the inventor of QR codes) that adds an encrypted private data layer to standard QR codes.
How SQRC Works
An SQRC contains two data layers:
- Public data: Readable by any standard QR code scanner (e.g., a product name or public URL)
- Private data: Encrypted data readable only by authorised SQRC readers with the correct cryptographic key
Both layers coexist in the same QR code symbol. Standard scanners read only the public data; SQRC-enabled scanners with the right key also access the private data.
Technical Architecture
- The public and private data share the same module grid
- Private data is encrypted using a symmetric key (AES)
- The key is pre-provisioned on authorised reader devices
- The QR code's visual appearance is identical to a standard QR code
- No visual indicator distinguishes an SQRC from a regular QR code
Use Cases
Product authentication: Public layer shows product information; private layer contains a cryptographic proof of authenticity that only verified scanners can validate.
Access control: Public layer displays a generic message; private layer contains access credentials readable only by authorised terminals.
Document security: Public layer shows a document summary; private layer contains a signature or verification code.
Supply chain: Public layer provides basic product tracking; private layer contains confidential supply chain data.
Limitations
- Proprietary: SQRC technology is controlled by DENSO WAVE
- Special readers required: Standard smartphone cameras cannot read private data
- Key management: Distributing and managing symmetric keys is operationally complex
- Cost: SQRC readers and licensing are more expensive than standard QR infrastructure
- Limited adoption: Outside specific Japanese industrial applications, SQRC has limited market penetration
Alternatives
For most applications, alternative approaches provide similar security:
- Digitally signed QR codes (open standards, any scanner)
- Dynamic QR codes with server-side authentication
- Standard QR codes linking to authenticated web services
- NFC with secure element for high-security applications
Key Takeaways
- SQRC provides dual public/private data layers in a single QR code
- Private data requires authorised SQRC readers with pre-provisioned keys
- Proprietary technology from DENSO WAVE with limited global adoption
- Open alternatives (COSE/CBOR signatures) are more widely supported
- Best suited for closed industrial ecosystems where DENSO WAVE hardware is standard