Addressing the challenge of simultaneously achieving concealment, robustness, and generalizability in large language model (LLM) copyright protection, this paper proposes CTCC—a rule-driven, fingerprinting framework grounded in cross-turn contextual correlation. Unlike conventional token-level or single-turn trigger mechanisms, CTCC implicitly embeds ownership identifiers by leveraging semantic dependencies—such as counterfactual reasoning—across multi-turn dialogues, enabling black-box verification while preserving fingerprint integrity under partial trigger leakage or adversarial attacks. It achieves implicit control over model output behavior via semantic consistency constraints and context-sensitive triggering. Extensive experiments across diverse LLM architectures demonstrate that CTCC significantly outperforms state-of-the-art methods: it attains low false-positive rates, strong robustness against perturbations and fine-tuning, high concealment (undetectable without oracle access), and practical deployability in real-world scenarios.

The widespread deployment of large language models (LLMs) has intensified concerns around intellectual property (IP) protection, as model theft and unauthorized redistribution become increasingly feasible. To address this, model fingerprinting aims to embed verifiable ownership traces into LLMs. However, existing methods face inherent trade-offs between stealthness, robustness, and generalizability, being either detectable via distributional shifts, vulnerable to adversarial modifications, or easily invalidated once the fingerprint is revealed. In this work, we introduce CTCC, a novel rule-driven fingerprinting framework that encodes contextual correlations across multiple dialogue turns, such as counterfactual, rather than relying on token-level or single-turn triggers. CTCC enables fingerprint verification under black-box access while mitigating false positives and fingerprint leakage, supporting continuous construction under a shared semantic rule even if partial triggers are exposed. Extensive experiments across multiple LLM architectures demonstrate that CTCC consistently achieves stronger stealth and robustness than prior work. Our findings position CTCC as a reliable and practical solution for ownership verification in real-world LLM deployment scenarios. Our code and data are publicly available at <https://github.com/Xuzhenhua55/CTCC>.