Blockchain Token-Based Wild-Simulated Ginseng Quality Management Method

Countries require measures to prevent food fraud, such as forgery of certificates or content change during production, which can occur throughout the supply chain, even if they have a certification system for quality food management. Therefore, there are recent cases of the introduction of blockchain tokens for quality and supply chain management; however, there are difficulties in introducing tokens in food fields, such as forest and agricultural products. To introduce tokens in the food sector, we selected wild-simulated ginseng, subject to quality management in Korea, analyzed the quality management process of wild-simulated ginseng, and selected the target for blockchain token introduction. We then identified potential token-related issues from consumers and suggested possible solutions.


Introduction
Although the interest in organic products is increasing worldwide, it is difficult for consumers to directly verify foods in the market as organic; therefore, several countries have enacted specific laws or standards to manage and certify organic foods [1]. In Korea, a quality management system has been legally established for a food called wild-simulated ginseng, which is, step by step, managed from production to distribution by the government. The government provides certificates for each step passed. Producers must submit documents from the previous step to pass to the next. However, this process is executed offline using paper documents for a very long time, making it difficult to ensure the integrity of information and incurring high document management costs. In addition, fraud may occur, such as forging the offline certificates or changing the contents. [2,3]. Now, IoT and big data are being used to collect and manage supply chain information regarding agricultural products [4,5]; however, most of these tools cannot sufficiently ensure high integrity of this information [6]. Blockchain technology provides a better chance to achieve the desired high integrity; the technology has proved helpful to various industries, such as finance [7][8][9]. Blockchains comprising hash chains provide transparent supply chain management processes and improve data integrity. Nonfungible tokens (NFTs) are also becoming popular in authentication and process management [10][11][12][13]. NFTs facilitate tracking the physical or non-physical possessions of unique, non-exchangeable tokens (such as digital art or luxury apparel). However, because food is an item that disappears when ingested, information asymmetry may occur because the objects that the tokens track are destroyed.
Nevertheless, utilizing blockchain and NFTs technology, we designed a reliable wildsimulated ginseng management system. The system tracks wild-simulated ginseng from planting to the market. Legal documents-tokens are generated at each process step and tracked thoroughly. If a token is managed instead of the existing offline documents, the existing offline document management system can be replaced. Indeed, a token verifying

Blockchain
A blockchain creates blocks at regular intervals to manage the data. Each new block includes the previous block's hash value in its header. These blocks are continuously generated over a certain period, and blocks, except for the initial block, form a hash chain with the previous block's hash value, making it difficult to forge and tamper with blocks [14].
Although there are differences in the header field for each blockchain, such as Bitcoin and Ethereum, Figure 1 shows the general blockchain header structure. The n-th block includes the hash value of the previous block (N − 1) header in the previous hash field, and the n-th block header hash value is included and recorded in the block (N + 1) added thereafter. The block-creation time is recorded in the timestamp field, the Merkle tree [15] is constructed using the transactions included in the block body in the root hash field, and the generated Merkle root value is recorded. The n-th block root hash field in Figure 1 was recorded, assuming that four transactions were included in the body. is constructed using the transactions included in the block body in the root hash field, and the generated Merkle root value is recorded. The n-th block root hash field in Figure 1 was recorded, assuming that four transactions were included in the body. These generated blocks are distributed by peer-to-peer (P2P) network participants and are selected to be added using consensus algorithms, such as proof of work (PoW), proof of stake (PoS), and practical Byzantine fault tolerance (PBFT) [16].

Smart Contract and Account
A smart contract is a concept proposed by Nick Sabo that automatically executes a contract written in a program code when certain conditions are satisfied [17]. A smart contract was implemented in Ethereum, developed by Vitalik Buterin, and has been applied in various fields [18].
In Ethereum, there are two accounts: an externally owned account (EOA) and a contract account (CA) [19]. An EOA is an account used by general users, and private and public keys exist to enable the creation and execution of transactions. Figure 2 shows the process of generating the EOA and creating a 256-bit random value as a private key. From the secp256k1 curve, the elliptic curve digital signature algorithm (ECDSA) [20] generates a public key, which is a replica of the private key. The generated public key is used to obtain a hash value using the Keccak-256 algorithm [21], and the lower 160 bits of the hash value are used as the EOA. A CA is an account created when the smart contract code is compiled and deployed on the blockchain. Functions can be called and interact within the contract through the account, and the CA cannot create a transaction alone. Therefore, no private and public key exists. These generated blocks are distributed by peer-to-peer (P2P) network participants and are selected to be added using consensus algorithms, such as proof of work (PoW), proof of stake (PoS), and practical Byzantine fault tolerance (PBFT) [16].

Smart Contract and Account
A smart contract is a concept proposed by Nick Sabo that automatically executes a contract written in a program code when certain conditions are satisfied [17]. A smart contract was implemented in Ethereum, developed by Vitalik Buterin, and has been applied in various fields [18].
In Ethereum, there are two accounts: an externally owned account (EOA) and a contract account (CA) [19]. An EOA is an account used by general users, and private and public keys exist to enable the creation and execution of transactions. Figure 2 shows the process of generating the EOA and creating a 256-bit random value as a private key. From the secp256k1 curve, the elliptic curve digital signature algorithm (ECDSA) [20] generates a public key, which is a replica of the private key. The generated public key is used to obtain a hash value using the Keccak-256 algorithm [21], and the lower 160 bits of the hash value are used as the EOA. A CA is an account created when the smart contract code is compiled and deployed on the blockchain. Functions can be called and interact within the contract through the account, and the CA cannot create a transaction alone. Therefore, no private and public key exists.

Transaction Type
Ethereum transactions can be divided into external and internal transaction internal transaction cannot be created by itself and the internal transaction log mented inside the smart contract must be executed by an external transaction. Fo transactions, the EOA can sign a transaction and send it to the EOA or CA to c tion. In Figure 3, CA 1, called the EOA, calls a function to CA 2 by using interna tions. The EOA can transmit transactions via the CA, as shown in Figure 4.   Table 2 categorizes token standards using a blockchain platform. Ether Klaytn standardized the blockchain token standard to specify functions and

Transaction Type
Ethereum transactions can be divided into external and internal transactions [22]. An internal transaction cannot be created by itself and the internal transaction logic implemented inside the smart contract must be executed by an external transaction. For external transactions, the EOA can sign a transaction and send it to the EOA or CA to call a function. In Figure 3, CA 1, called the EOA, calls a function to CA 2 by using internal transactions. The EOA can transmit transactions via the CA, as shown in Figure 4.

Transaction Type
Ethereum transactions can be divided into external and internal transactions [22]. An internal transaction cannot be created by itself and the internal transaction logic implemented inside the smart contract must be executed by an external transaction. For external transactions, the EOA can sign a transaction and send it to the EOA or CA to call a function. In Figure 3, CA 1, called the EOA, calls a function to CA 2 by using internal transactions. The EOA can transmit transactions via the CA, as shown in Figure 4.   Table 2 categorizes token standards using a blockchain platform. Ethereum and Klaytn standardized the blockchain token standard to specify functions and provide guidelines. Klaytn is a blockchain created by forking the Byzantium version of Ethereum and has a similar token standard because it forks Ethereum into a blockchain with a blockcreation time of 1 s by transforming the PBFT-based algorithm [23].

Transaction Type
Ethereum transactions can be divided into external and internal transactions [22]. An internal transaction cannot be created by itself and the internal transaction logic implemented inside the smart contract must be executed by an external transaction. For external transactions, the EOA can sign a transaction and send it to the EOA or CA to call a function. In Figure 3, CA 1, called the EOA, calls a function to CA 2 by using internal transactions. The EOA can transmit transactions via the CA, as shown in Figure 4.   Table 2 categorizes token standards using a blockchain platform. Ethereum and Klaytn standardized the blockchain token standard to specify functions and provide guidelines. Klaytn is a blockchain created by forking the Byzantium version of Ethereum and has a similar token standard because it forks Ethereum into a blockchain with a blockcreation time of 1 s by transforming the PBFT-based algorithm [23].   Table 2 categorizes token standards using a blockchain platform. Ethereum and Klaytn standardized the blockchain token standard to specify functions and provide guidelines. Klaytn is a blockchain created by forking the Byzantium version of Ethereum and has a similar token standard because it forks Ethereum into a blockchain with a block-creation time of 1 s by transforming the PBFT-based algorithm [23]. Tokens can be broadly classified into fungible tokens [24,25], NFT [26,27], and multitokens [28,29]. Figure 5 shows the characteristics of the tokens created when a contract is implemented based on the token standard. For a fungible token, one token is always the same as another and can be used in fiat currency and voting rights. NFT is a token that represents the ownership of unique items. In the figure, it can be observed that different tokens have been issued to the NFT contract as A, B, C and D. A multi-token combines the characteristics of the previous two tokens, and multiple tokens can be represented in a single contract. In the figure, tokens A, B, C and D are issued in one multi-token contract, and among them, a number of A and C tokens, such as fungible tokens, are issued, and only one B and D tokens, such as NFT, are issued; therefore, they have unique characteristics. Tokens can be broadly classified into fungible tokens [24,25], NFT [26,27], and mu tokens [28,29]. Figure 5 shows the characteristics of the tokens created when a contrac implemented based on the token standard. For a fungible token, one token is always same as another and can be used in fiat currency and voting rights. NFT is a token t represents the ownership of unique items. In the figure, it can be observed that differ tokens have been issued to the NFT contract as A, B, C and D. A multi-token combines characteristics of the previous two tokens, and multiple tokens can be represented i single contract. In the figure, tokens A, B, C and D are issued in one multi-token contr and among them, a number of A and C tokens, such as fungible tokens, are issued, and o one B and D tokens, such as NFT, are issued; therefore, they have unique characteristics

Wild-Simulated Ginseng Quality Management Process
Two government agencies cooperate in implementing the wild-simulated ginse quality management system in Korea. Legal documents are issued upon passing ev one of the four steps in the process. Before proceeding to the next step, documents of previous step must be produced [30]. However, this process is currently executed offl using paper documents, making it difficult to ensure the integrity of information and curring high document management costs. In addition, fraud may occur, such as forg the offline certificates or changing the contents. Therefore, utilizing blockchain and N technology, we designed a reliable automated wild-simulated ginseng management s tem [31]. Several legal forms exist at each step of the wild-simulated ginseng quality m agement process. By the last step, the producer would have been issued one quality insp tion certificate and 100 pass certificates. When the wild-simulated ginseng is sold, consu ers can verify whether it has passed all the quality inspection steps [30]. Figure 6 shows existing wild-simulated ginseng quality management system consisting of four steps.

Wild-Simulated Ginseng Quality Management Process
Two government agencies cooperate in implementing the wild-simulated ginseng quality management system in Korea. Legal documents are issued upon passing every one of the four steps in the process. Before proceeding to the next step, documents of the previous step must be produced [30]. However, this process is currently executed offline using paper documents, making it difficult to ensure the integrity of information and incurring high document management costs. In addition, fraud may occur, such as forging the offline certificates or changing the contents. Therefore, utilizing blockchain and NFTs technology, we designed a reliable automated wild-simulated ginseng management system [31]. Several legal forms exist at each step of the wild-simulated ginseng quality management process. By the last step, the producer would have been issued one quality inspection certificate and 100 pass certificates. When the wild-simulated ginseng is sold, consumers can verify whether it has passed all the quality inspection steps [30]. Figure 6 shows the existing wild-simulated ginseng quality management system consisting of four steps.

Quality Management Using Blockchain Token
In this study, a blockchain was used to improve the integrity of wild-simulated ginseng quality management. Token standards were selected for the introduction of tokens, and gateway contracts were deployed to prevent food fraud caused by the reuse of the issued tokens or incorrect distribution tokens.

Token Standard Selection
Tokenization is selecting a token standard based on the characteristics of the target. Here, the token standard was selected using the checklist presented in Figure 7, and the standard was selected based on step 4. In the previous step, all documents satisfy the NFT characteristics, but only one quality inspection certificate with unique characteristics is issued in step 4. However, pass certificates are issued in multiple copies and have no unique characteristics. Therefore, a multi-token was selected as the token standard for quality control. The possible token standards can be verified as a metric using the checklist shown in Table 3.

Quality Management Using Blockchain Token
In this study, a blockchain was used to improve the integrity of wild-simulated ginseng quality management. Token standards were selected for the introduction of tokens, and gateway contracts were deployed to prevent food fraud caused by the reuse of the issued tokens or incorrect distribution tokens.

Token Standard Selection
Tokenization is selecting a token standard based on the characteristics of the target. Here, the token standard was selected using the checklist presented in Figure 7, and the standard was selected based on step 4. In the previous step, all documents satisfy the NFT characteristics, but only one quality inspection certificate with unique characteristics is issued in step 4. However, pass certificates are issued in multiple copies and have no unique characteristics. Therefore, a multi-token was selected as the token standard for quality control. The possible token standards can be verified as a metric using the checklist shown in Table 3.

Quality Management Using Blockchain Token
In this study, a blockchain was used to improve the integrity of wild-simulated ginseng quality management. Token standards were selected for the introduction of tokens, and gateway contracts were deployed to prevent food fraud caused by the reuse of the issued tokens or incorrect distribution tokens.

Token Standard Selection
Tokenization is selecting a token standard based on the characteristics of the target. Here, the token standard was selected using the checklist presented in Figure 7, and the standard was selected based on step 4. In the previous step, all documents satisfy the NFT characteristics, but only one quality inspection certificate with unique characteristics is issued in step 4. However, pass certificates are issued in multiple copies and have no unique characteristics. Therefore, a multi-token was selected as the token standard for quality control. The possible token standards can be verified as a metric using the checklist shown in Table 3.

Multi-Token-Based Quality Management
A token implementing a smart contract using a multi-token standard provides functions, such as token transfer and ownership inquiry, based on the interface provided by the standard. Table 4 lists the functions in the multi-token standard ERC-1155 interface provided by Ethereum. Batch inquiries and consistent transfer functions are included because various tokens are managed in a single contract. A multi-token can be utilized, as shown in Figure 8. Producers receive pass-certificate tokens as they pass the steps of the system. When selling wild-simulated ginseng, certificate tokens can be sent to consumers and used as quality assurance certificates. The consumer can inquire into other tokens to check the quality inspection details. Additional tokens can also be issued with agency approval.

Multi-Token-Based Quality Management
A token implementing a smart contract using a multi-token standard provides functions, such as token transfer and ownership inquiry, based on the interface provided by the standard. Table 4 lists the functions in the multi-token standard ERC-1155 interface provided by Ethereum. Batch inquiries and consistent transfer functions are included because various tokens are managed in a single contract.
A multi-token can be utilized, as shown in Figure 8. Producers receive pass-certificate tokens as they pass the steps of the system. When selling wild-simulated ginseng, certificate tokens can be sent to consumers and used as quality assurance certificates. The consumer can inquire into other tokens to check the quality inspection details. Additional tokens can also be issued with agency approval.

Gateway Contract
Because these tokens are issued for physical foods, there are difficulties in their management compared to digital assets. Malicious users can exploit these problems by validating their tokens using gateway contracts. For this reason, tokens must be transmitted through the interface provided by the multi-token contract. The process is configured to pass through the gateway contract before calling the multi-token contract. If the token is invalid, it is incinerated and cannot be circulated to prevent criminal activity in advance.

Gateway Contract
Because these tokens are issued for physical foods, there are difficulties in their management compared to digital assets. Malicious users can exploit these problems by validating their tokens using gateway contracts. For this reason, tokens must be transmitted through the interface provided by the multi-token contract. The process is configured to pass through the gateway contract before calling the multi-token contract. If the token is invalid, it is incinerated and cannot be circulated to prevent criminal activity in advance. If the token is valid, the transaction is transmitted to a multi-token contract using internal transactions. Figure 9 shows a case where a malicious user attempts to use an invalid token from producer C. After receiving validation from the gateway contract before using the multi-token contract interface, if it is not valid, it is transmitted to the null address used as the token incineration address to prevent circulation. The corresponding null address was 2.1.2. In the account described in this section, all 160 bits are set to zero; thus, 0 × 0000 . . . 000 accounts. If the token is valid, the transaction is transmitted to a multi-token contract using internal transactions. Figure 9 shows a case where a malicious user attempts to use an invalid token from producer C. After receiving validation from the gateway contract before using the multi-token contract interface, if it is not valid, it is transmitted to the null address used as the token incineration address to prevent circulation. The corresponding null address was 2.1.2. In the account described in this section, all 160 bits are set to zero; thus, 0 × 0000 … 000 accounts.  Figure 10 shows the case of combining the aforementioned ERC-1155 and gateway contract with the existing wild-simulated ginseng quality control. In four steps, the results are issued and utilized as blockchain tokens, and tokens distributed together as quality certification mean that wild-simulated ginseng is distributed to consumers after passing all the steps.

Wild-Simulated Ginseng Quality Management Using Blockchain Token
Step-by-step details are as follows: • Step 1: The producer requests a conformity check from Agency 1. Agency 1 deploys an ERC-1155 contract for the producer and uses the constructor function to minimize the first result token (other than token transfer, it does not require a gateway contract).

•
Step 2: Submit a previously issued token to agency 2, which performs the verification. After receiving the token, the agency issues a second result token if it is suitable for proceeding to the next step. At this time, the token transmission must pass through the gateway contract.

•
Step 3: This is similar to step 2 and is executed by agency 1. If appropriate, the third token result is minted.

•
Step 4: Upon passing as the final step, agency 1 mints the last result token and certificate token to be used for sale. • Sale: Consumers can inquire about token ownership when purchasing wild-simulated ginseng. The producer must provide a certificate token through the gateway contract when selling wild-simulated ginseng to consumers. The distribution is blocked in advance if it is an invalid certificate token.  Figure 10 shows the case of combining the aforementioned ERC-1155 and gateway contract with the existing wild-simulated ginseng quality control. In four steps, the results are issued and utilized as blockchain tokens, and tokens distributed together as quality certification mean that wild-simulated ginseng is distributed to consumers after passing all the steps.

Gateway Contract Usage Scenario
In this section, the malicious actions that can be prevented using the gateway contract Step-by-step details are as follows:

•
Step 1: The producer requests a conformity check from Agency 1. Agency 1 deploys an ERC-1155 contract for the producer and uses the constructor function to minimize the first result token (other than token transfer, it does not require a gateway contract).

•
Step 2: Submit a previously issued token to agency 2, which performs the verification. After receiving the token, the agency issues a second result token if it is suitable for proceeding to the next step. At this time, the token transmission must pass through the gateway contract.

•
Step 3: This is similar to step 2 and is executed by agency 1. If appropriate, the third token result is minted.

•
Step 4: Upon passing as the final step, agency 1 mints the last result token and certificate token to be used for sale. • Sale: Consumers can inquire about token ownership when purchasing wild-simulated ginseng. The producer must provide a certificate token through the gateway contract when selling wild-simulated ginseng to consumers. The distribution is blocked in advance if it is an invalid certificate token.

Gateway Contract Usage Scenario
In this section, the malicious actions that can be prevented using the gateway contract are explained based on possible scenarios.

Scenarios with Timeout Logic in Gateway Contract
In the first scenario, the producer was malicious. Quality certification has an expiration date, after which it must be re-inspected. However, the creator may sell expired products maliciously. To prevent this, a timeout logic could be created in the gateway contract such that tokens that have passed their expiration date are not circulated but sent to the null address and burned. Figure 11 shows that when a timeout occurs, the token burns. Otherwise, the token is sent to the consumer using a multi-token contract.

Gateway Contract Usage Scenario
In this section, the malicious actions that can be prevented using the gateway contract are explained based on possible scenarios.

Scenarios with Timeout Logic in Gateway Contract
In the first scenario, the producer was malicious. Quality certification has an expiration date, after which it must be re-inspected. However, the creator may sell expired products maliciously. To prevent this, a timeout logic could be created in the gateway contract such that tokens that have passed their expiration date are not circulated but sent to the null address and burned. Figure 11 shows that when a timeout occurs, the token burns. Otherwise, the token is sent to the consumer using a multi-token contract.

Scenarios with Threshold Logic in Gateway Contract
The second scenario occurs when a malicious user resells a product different from the target when the token is being tracked. To solve this problem, the characteristics of the tokenization target are identified, a threshold value is set to change the token owner, and when the value exceeds, it is transmitted to the management agency to prevent circulation. In the case of wild-simulated ginseng, direct sales account for more than 90%; Figure 11. Timeout logic included in gateway contracts.

Scenarios with Threshold Logic in Gateway Contract
The second scenario occurs when a malicious user resells a product different from the target when the token is being tracked. To solve this problem, the characteristics of the tokenization target are identified, a threshold value is set to change the token owner, and when the value exceeds, it is transmitted to the management agency to prevent circulation. In the case of wild-simulated ginseng, direct sales account for more than 90%; therefore, the threshold is set to 1 or 2 to make resale impossible after purchase. Subsequently, a management agency may decide whether to incinerate or allow distribution. Figure 12 shows that the token is sent to the management agency when the threshold is exceeded. Otherwise, the token is sent to the consumer using a multi-token contract. therefore, the threshold is set to 1 or 2 to make resale impossible after purchase. Subsequently, a management agency may decide whether to incinerate or allow distribution. Figure 12 shows that the token is sent to the management agency when the threshold is exceeded. Otherwise, the token is sent to the consumer using a multi-token contract.

Scenarios in Bypassing the Gateway Contract
In the third scenario, a malicious user directly submits a transaction to a multi-token contract without going through the gateway contract. The blockchain can verify the address of the user who sends the transaction. In terms of solidity, the sender can be identified using a global variable called msg.sender. If it is not an internal transaction sent by the gateway contract, the msg.sender is recorded as an account other than the gateway contract, and by adding logic to the multi-token contract to identify whether the transaction sender is a gateway contract, the gateway contract is prevented. Figure 13 shows a transaction failure scenario when a malicious user attempts to bypass the gateway contract.  Figure 14 shows the token transfer code for the gateway contract. The request is divided into four branch sentences, excluding the conditional sentence, and the contents of each branch point are as follows:

Gateway Contract Logic
1. Timeout logic: If the token has exceeded the valid time, the token is sent to a null address and incinerated by comparing the issuance time with the current blockchain. 2. Producer logic: On the certificate token, the producer, the first owner, records information on the target sold to the consumer when selling and increases the number of transactions by one.

Scenarios in Bypassing the Gateway Contract
In the third scenario, a malicious user directly submits a transaction to a multi-token contract without going through the gateway contract. The blockchain can verify the address of the user who sends the transaction. In terms of solidity, the sender can be identified using a global variable called msg.sender. If it is not an internal transaction sent by the gateway contract, the msg.sender is recorded as an account other than the gateway contract, and by adding logic to the multi-token contract to identify whether the transaction sender is a gateway contract, the gateway contract is prevented. Figure 13 shows a transaction failure scenario when a malicious user attempts to bypass the gateway contract. therefore, the threshold is set to 1 or 2 to make resale impossible after purchase. Subsequently, a management agency may decide whether to incinerate or allow distribution. Figure 12 shows that the token is sent to the management agency when the threshold is exceeded. Otherwise, the token is sent to the consumer using a multi-token contract.

Scenarios in Bypassing the Gateway Contract
In the third scenario, a malicious user directly submits a transaction to a multi-token contract without going through the gateway contract. The blockchain can verify the address of the user who sends the transaction. In terms of solidity, the sender can be identified using a global variable called msg.sender. If it is not an internal transaction sent by the gateway contract, the msg.sender is recorded as an account other than the gateway contract, and by adding logic to the multi-token contract to identify whether the transaction sender is a gateway contract, the gateway contract is prevented. Figure 13 shows a transaction failure scenario when a malicious user attempts to bypass the gateway contract.  Figure 14 shows the token transfer code for the gateway contract. The request is divided into four branch sentences, excluding the conditional sentence, and the contents of each branch point are as follows:

Gateway Contract Logic
1. Timeout logic: If the token has exceeded the valid time, the token is sent to a null address and incinerated by comparing the issuance time with the current blockchain. 2. Producer logic: On the certificate token, the producer, the first owner, records information on the target sold to the consumer when selling and increases the number of transactions by one.  Figure 14 shows the token transfer code for the gateway contract. The request is divided into four branch sentences, excluding the conditional sentence, and the contents of each branch point are as follows:

1.
Timeout logic: If the token has exceeded the valid time, the token is sent to a null address and incinerated by comparing the issuance time with the current blockchain.

2.
Producer logic: On the certificate token, the producer, the first owner, records information on the target sold to the consumer when selling and increases the number of transactions by one.

3.
Threshold logic: When a consumer purchases wild-simulated ginseng, receives a token and then attempts to transmit the token, the token is transferred to the management agency account if the number of transactions exceeds the threshold. 4.
C2C logic: Transmission of consumer-to-consumer (C2C) records information to the token owner increases the number of transactions when the transmission is possible through previous logic.
3. Threshold logic: When a consumer purchases wild-simulated ginseng, receives a token and then attempts to transmit the token, the token is transferred to the management agency account if the number of transactions exceeds the threshold. 4. C2C logic: Transmission of consumer-to-consumer (C2C) records information to the token owner increases the number of transactions when the transmission is possible through previous logic.

Experiment
The experiment was conducted assuming that step 3 has been passed, and in step 4, we examine the token issuance to the final distribution step. In the distribution step, we implemented and tested three scenarios that could be prevented using the gateway contract.

Environment
The code implemented in Openzeppelin was used to issue pass and quality inspection certificates as ERC-1155. Part of safeTransferFrom in the code is modified to be subordinate to the gateway contract. Because the gateway contract must manage the CAs of multiple producers, in Table 3, in addition to the parameters of the safeTransferFrom function, tokenContract is added such that the CA can be identified to call. Standard functions other than transfers were not included in the experiment.
The blockchain network was constructed using Rinkeby, an Ethereum test network. When using a test network, using a blockchain explorer called Etherscan is advantageous. Table 5 lists the four EOAs and two CAs used for token quality management and scenario validation. Here, 'Admin' is the EOA of a quality management agency. 'Producer' is the EOA of the producer. 'Consumer' is the EOA of the consumer purchasing wild-simulated ginseng from the producer. 'Attacker' is the EOA of a malicious consumer distributing invalid tokens. 'Gateway contract' is a CA that must be passed for token transfer. 'Multi-token contract' is ERC-1155 CA for managing wild-simulated ginseng products that have passed quality management.

Experiment
The experiment was conducted assuming that step 3 has been passed, and in step 4, we examine the token issuance to the final distribution step. In the distribution step, we implemented and tested three scenarios that could be prevented using the gateway contract.

Environment
The code implemented in Openzeppelin was used to issue pass and quality inspection certificates as ERC-1155. Part of safeTransferFrom in the code is modified to be subordinate to the gateway contract. Because the gateway contract must manage the CAs of multiple producers, in Table 3, in addition to the parameters of the safeTransferFrom function, tokenContract is added such that the CA can be identified to call. Standard functions other than transfers were not included in the experiment.
The blockchain network was constructed using Rinkeby, an Ethereum test network. When using a test network, using a blockchain explorer called Etherscan is advantageous. Table 5 lists the four EOAs and two CAs used for token quality management and scenario validation. Here, 'Admin' is the EOA of a quality management agency. 'Producer' is the EOA of the producer. 'Consumer' is the EOA of the consumer purchasing wildsimulated ginseng from the producer. 'Attacker' is the EOA of a malicious consumer distributing invalid tokens. 'Gateway contract' is a CA that must be passed for token transfer. 'Multi-token contract' is ERC-1155 CA for managing wild-simulated ginseng products that have passed quality management.

Results
After issuing tokens that can be generated in step 4, we enter the distribution step, and the gateway contract with ERC-1155 is tested. We tested three scenarios, typical token transfers likely problematic, and then identified them through Etherscan.

Minting and Tracking Tokens
Before the malicious scenario test, the 100 certificate tokens generated in Step 4 were issued. Figure 15 shows that tokens are issued, and information about the owner is recorded on the blockchain. As such, blockchain tokens record and provide transparent management records to participants by recording and providing details of the token transfer in the blockchain when the owner is changed. Transactions that change the status of the blockchain require gas costs, but the act of inquiring about the information recorded in the blockchain is free of charge, so many participants can check the history. Therefore, even before receiving the token, the previous history can be referred to through the information recorded in the blockchain, and various user interfaces can be configured using a library such as web3.js that provides an API to interact with the blockchain node.

Results
After issuing tokens that can be generated in step 4, we enter the distribution step, and the gateway contract with ERC-1155 is tested. We tested three scenarios, typical token transfers likely problematic, and then identified them through Etherscan.

Minting and Tracking Tokens
Before the malicious scenario test, the 100 certificate tokens generated in Step 4 were issued. Figure 15 shows that tokens are issued, and information about the owner is recorded on the blockchain. As such, blockchain tokens record and provide transparent management records to participants by recording and providing details of the token transfer in the blockchain when the owner is changed. Transactions that change the status of the blockchain require gas costs, but the act of inquiring about the information recorded in the blockchain is free of charge, so many participants can check the history. Therefore, even before receiving the token, the previous history can be referred to through the information recorded in the blockchain, and various user interfaces can be configured using a library such as web3.js that provides an API to interact with the blockchain node.

Timeout Scenario Result
This result occurs when tokens are transferred while selling wild-simulated ginseng, which exceeds the validity period of the quality inspection. Table 6 lists the parameter data that the product sends to the gateway contract to send the pass token (ID:1) to the consumer. The parameters include multi-token contract CA, product EOA, and consumer EOA. 1 amount uint256 1 data bytes Null In Figure 16, the product sends the token, but the token expires, and the gateway contract does not send the token to the consumer but sends it to the null address. This is because the consumer does not receive tokens; therefore, the transaction of wild-simulated ginseng ceases. The malicious producers examined in this section can prevent the sale of wild-simulated ginseng that has expired. data bytes Null In Figure 16, the product sends the token, but the token expires, and the gateway contract does not send the token to the consumer but sends it to the null address. This is because the consumer does not receive tokens; therefore, the transaction of wild-simulated ginseng ceases. The malicious producers examined in this section can prevent the sale of wild-simulated ginseng that has expired.

Scenario Results Exceeding Thresholds
This result occurs when tokens are transferred while selling wild-simulated ginseng, which exceeds the threshold for the number of transactions specified by the management agency. Table 7 lists the parameter data the attacker sends to the gateway contract to send the pass token (ID:5) to the consumer. The parameters include multi-token contract CA, attacker EOA, and consumer EOA. 1 amount uint256 1 data bytes Null In Figure 17, although the attacker sends the token to the consumer, the token is sent to the Admin, not the consumer, because it exceeds the threshold set in the gateway contract. Timeout tokens are immediately incinerated upon circulation; however, tokens exceeding the threshold are sent to the management agency to decide whether to allow them back into circulation. This can block malicious actions, such as reselling wild-simulated ginseng, using the tokens provided at the time of purchase by consumers. These tokens are, however, not entirely burned, considering other consumers who want to transfer ownership without malicious intent.

Scenario Results Exceeding Thresholds
This result occurs when tokens are transferred while selling wild-simulated ginseng, which exceeds the threshold for the number of transactions specified by the management agency. Table 7 lists the parameter data the attacker sends to the gateway contract to send the pass token (ID:5) to the consumer. The parameters include multi-token contract CA, attacker EOA, and consumer EOA. 1 amount uint256 1 data bytes Null In Figure 17, although the attacker sends the token to the consumer, the token is sent to the Admin, not the consumer, because it exceeds the threshold set in the gateway contract. Timeout tokens are immediately incinerated upon circulation; however, tokens exceeding the threshold are sent to the management agency to decide whether to allow them back into circulation. This can block malicious actions, such as reselling wild-simulated ginseng, using the tokens provided at the time of purchase by consumers. These tokens are, however, not entirely burned, considering other consumers who want to transfer ownership without malicious intent.

Bypass Scenario Result
This result occurs when the token transfer function is called directly to the multitoken contract without going through the gateway contract.

Bypass Scenario Result
This result occurs when the token transfer function is called directly to the multi-token contract without going through the gateway contract. Table 8 lists the parameter data the attacker may send to the multi-token contract to send the pass token (ID:5) to the consumer. Because it does not go through the gateway contract, multi-token contract CA is not included, and the attacker EOA and consumer EOA are included in the parameters. In Figure 18, it can be observed that when an attacker executes a token-transfer transaction directly to the multi-token contract, it fails. This means that even if a malicious user attempts to bypass the gateway contract to avoid token validation, their token transfer cannot be successful.

Bypass Scenario Result
This result occurs when the token transfer function is called directly to the multitoken contract without going through the gateway contract. Table 8 lists the parameter data the attacker may send to the multi-token contract to send the pass token (ID:5) to the consumer. Because it does not go through the gateway contract, multi-token contract CA is not included, and the attacker EOA and consumer EOA are included in the parameters. In Figure 18, it can be observed that when an attacker executes a token-transfer transaction directly to the multi-token contract, it fails. This means that even if a malicious user attempts to bypass the gateway contract to avoid token validation, their token transfer cannot be successful.

Gas Results
To compare the gas required by the blockchain model in this study, three types of ERC-1155 tokens were tested. First, ERC-1155A is the plan proposed in this study with a gateway contract and dependence. Although contract B is not dependent on the gateway

Gas Results
To compare the gas required by the blockchain model in this study, three types of ERC-1155 tokens were tested. First, ERC-1155A is the plan proposed in this study with a gateway contract and dependence. Although contract B is not dependent on the gateway contract, the four branch statements used by Gateway were applied in a similar manner. Contract C is a contract that used ERC-1155 without modification to the existing Openzeppelin. Table 9 shows the gas fees that appear when three functions are executed for the corresponding contracts.

Discussion
Wild-simulated ginseng quality management using blockchain tokens provides transparent information, improves data integrity, and prevents damage caused by invalid products on the market. Existing studies that have investigated the same problem do not provide tokens to the end consumer as quality inspection certificates; even if they do, they do not deal with risk factors such as residual tokens. In [10,11], tokens were managed by placing smart controls for each process, but the authors did not provide tokens to end consumers as they judged them to be outside the supply chain. This study provides end consumers with tokens through guarantees or certificates. The method proposed by the author in [13] uses the ERC-1155 token, as in our study. However, the study allows third parties in the supply chain, thereby increasing the possibility of circulation of invalid tokens in the market. We devised a system that rejects invalid tokens in advance, thereby increasing the integrity of the process.
Our system includes a contract in the transmission step; thus, compared to normal contracts, it can incur higher gas costs. However, by distributing the verification logic, we can see an inevitable reduction in deployment costs for the ERC-1155 contract. This is advantageous if smart contracts are provided to multiple users. However, when configured as 1:N, the centralization obtained will likely provide a single point of failure (SPOF). Therefore, it is necessary to accommodate contracts by distributing them in an N:M instead of a 1:N configuration.
First, a target must be selected to secure integrity and transparency through the blockchain. This may be a legal document generated during the production, distribution, or information collected using IoT devices. Second, the information recorded in the blockchain is analyzed and tokenized to be managed through a token. Tokens can track changes in ownership to identify the current status of each step; although not covered in this study, large amounts of data, such as images and audio, can be stored and managed using a distributed file system, such as IPFS. However, because tokenization used to manage physical objects can destroy or change the tracking of tokens leading to incorrect tokens, additional measures should be taken to prevent invalid tokens from being distributed in the market.

Conclusions
The current wild-simulated ginseng quality management system in Korea is offline and uses paper documents, making it difficult to ensure the integrity of information and incurring high document management costs. In addition, fraud may occur, such as forging the offline certificates or changing the contents. A sound wild-simulated ginseng quality management system must ensure high transparency and integrity to gain the trust of consumers or participants. Blockchain technology has been applied to various processes to achieve high certification reliability. Therefore, utilizing blockchain and tokens technology, we designed a reliable automated wild-simulated ginseng management system in Korea. When introducing tokens, the target of tokenization was selected, and an appropriate token was selected by comparing and analyzing the token standard. Because food disappears when consumed; problems may occur when malicious consumers try to reintroduce tokens of consumed wild-simulated ginseng into the supply chain. Here we propose measures to prevent the circulation of these tokens in the market.
In the future, further research is needed to introduce the model to foods other than wild-simulated ginseng. Moreover, a similar framework can be applied to other industries by improving the research focused on the wild-simulated ginseng management blockchain framework.

Conflicts of Interest:
The authors declare no conflict of interest.