Research on the Design of Terminal Equipment SoC Based on PCI Security Standards by 刘天翔
 
 
学校编码：10384                               分类号         密级       












基于 PCI 安全标准的终端设备 SoC 设计研究 
Research on the Design of Terminal Equipment SoC Based on 






指导教师姓名:  王云峰 副教授 
       郭东辉  教授 
专  业 名 称:  电路与系统 
论文提交日期:  2012 年   月 
论文答辩日期:  2012 年   月 
学位授予日期:  2012 年   月 
                  
 
                 答辩委员会主席：             






































另外，该学位论文为（                            ）课题（组）
的研究成果，获得（               ）课题（组）经费或实验室的











































（     ）1.经厦门大学保密委员会审查核定的保密学位论文，
于   年  月  日解密，解密后适用上述授权。 







                             声明人（签名）： 



































研发的符合 PCI标准的金融终端 SoC芯片具有重要的社会意义与经济效益。 
论文根据 PCI 安全标准的 12 大项要求，完成了用于金融终端的安全 SoC 芯









此外，论文完成了 PCI安全 SoC芯片的 FPGA原型实现与仿真。基于此原型，

































With the wide application of computers and network, the payment of card has 
become a major consumer means. However, as the payment card is of virtual nature, it 
has inevitably some security problems. Once attackers get access to users' certain 
information, they would impersonate the legal user and some illegal purposes be 
achieved. Therefore, the financial terminal equipment ask for higher demands on 
information security and confidentiality of performance. The problem of paying safely 
with the card is still being worked on. And to solve the problem, some world's major 
well-known payment card manufacturers, such as: Visa, MasterCard, American 
Express and JP Morgan Chase have jointly established the PCI  Security Standards 
Council who formulated PCI security standards. The SoC used in our country’s large 
banks, securities and other payment industry is mainly constituted with foreign chip. 
With the specialty of ‘safety’ in chip, large security chip corporations in foreign 
countries would protect their own technology and the open-source security SoC chip 
is unavailable. The using of foreign chip would not only get us controlled in 
technology, but also it’s difficult to find the chip inside the back door circuit, which 
means the security can not be guaranteed. It is of great practical significance and 
economic benefits to design a self-developed PCI Security SoC. 
The paper according to the 12 requirements of PCI, the solution plan is designed 
to handle existing security problem of paying card. The SOC use ARM's AMBA 
on-chip bus, reuse of the 32 high-performance Leon3 CPU and I2C, UART, Ethernet, 
USB, SDRAM controller, DDR2 controller, GPIO and other digital peripherals. In 
order to expand the SOC chip applications, to facilitate the security upgrade of the 
terminal device, the SOC chip in addition to containing China's banking industry 
using the DES algorithm, also integrates the AES algorithm; paper also uses 
reconfigurable technology of AES and RSA calculations were hardwareachieve, the 
designer of the terminal according to safety requirements, choose the optimal key 















anti-differential power analysis attacks circuits’ and ‘multi-master-slave SPI 
communication interface circuit’ are initially put forward and realized in the paper to 
guard against the snooping and tampering of important security datum in the two 
ways of ‘differential power analysis’ and ‘one-way outside data communication’ 
which are hard to prevent from. Experiments results show that the two circuits are 
successfully complete their purpose to stop attack from the two aforesaid ways. 
In addition, the application testing environment of PCI Security chip FPGA is 
build in this paper to simulate the real environment. Completed of U key certification 
process validation. The results show that the SOC chip can be used for POS, PIN 
PAD, keyboard and other financial terminals, has broad application prospects. 
 
















第一章  绪 论 ........................................................................................................................ 1 
1.1 研究背景及其意义 ................................................................................................... 1 
1.2 研究现状 ................................................. 3 
1.3 主要研究工作 ............................................. 6 
第二章 PCI 安全终端设备 SoC 的设计基础 ......................................... 7 
2.1 PCI标准 .................................................. 7 
2.2 安全 SOC的加密算法选择 ................................... 9 
2.2.1 对称加密算法 ......................................... 10 
2.2.2 非对称加密算法 ....................................... 12 
2.3 安全 SOC的总线选择 ...................................... 13 
2.4 SPI总线介绍 ............................................. 15 
2.5 本章小结 ................................................ 15 
第三章 PCI 安全 SoC 的系统设计 ....................................................... 17 
3.1 SOC的结构设计 ........................................... 17 
3.2 32位高速稳定的 LEON3 MCU ................................. 19 
3.2.1 AMBA On-Chip Bus ..................................... 20 
3.2.2 SPAPC V8 标准 ........................................ 22 
3.2.3 Interger Unit 设计 ................................... 24 
3.2.4 Cache 缓存设计 ....................................... 25 
3.2.5 片上 DEBUG单元设计 ................................... 26 
3.3 数字外设 ................................................ 27 
3.3.1 I2C   设计 ........................................... 27 
3.3.2 UART  设计 ........................................... 28 
3.3.3 以太网设计 ........................................... 28 
3.3.4 USB   设计 ........................................... 29 













基于 PCI 安全标准的终端设备 SoC 设计研究 
 VI 
3.3.6 DDR2 控制器 .......................................... 32 
3.3.7 GPIO  设计 ........................................... 33 
3.3.8 多主多从的 SPI接口 ................................... 33 
3.4 低功耗电源管理设计 ...................................... 35 
3.5 安全模块设计 ............................................ 36 
3.6 本章小结 ................................................ 37 
第四章 PCI 安全 SoC 的安全模块设计 ............................................... 38 
4.1 SOC的安全模块总体设计 ................................... 38 
4.1.1 符合 PCI标准的数据安全处理 ........................... 38 
4.1.2 安全模块的硬件结构设计 ............................... 39 
4.1.3安全模块的工作原理 ................................... 40 
4.2 加密引擎模块的实现 ...................................... 41 
4.2.1 AES 模块设计实现 ..................................... 42 
4.2.2 RSA 模块设计实现 ..................................... 45 
4.2.3 DES/3DES 引擎模块实现 ................................ 49 
4.3 安全 BOOTROOM锁的实现 ..................................... 54 
4.4 PRNG模块的设计实现 ...................................... 56 
4.5 抗差分功耗电路的实现 .................................... 58 
4.6 安全的 SPI接口通讯 ...................................... 61 
4.7 带后备电源的安全岛 ...................................... 62 
4.8 本章小结 ................................................ 67 
第五章 PCI 安全 SoC 的 FPGA 原型的实现和验证 .......................... 68 
5.1 FPGA原型实现 ............................................ 68 
5.1.1 Xilinx 开发工具 ...................................... 69 
5.1.2 芯片 Virtex-5硬件实现 ................................ 71 
5.2 加密引擎的软硬件协同验证 ................................ 71 
5.2.1 AES 加密引擎仿真 ..................................... 71 















5.2.3 DES/3DES 加密引擎仿真 ................................ 89 
5.2.4 RNG 随机数引擎仿真 ................................... 98 
5.2.5 多设备 SPI接口核的功能仿真 ........................... 99 
5.2.6 抗差分功耗攻击电路的功能仿真 ........................ 101 
5.3 整体 SOC的 FPGA验证 .................................... 102 
5.3.1 SoC 的 U盾系统验证 .................................. 102 
5.3.2 SoC 的自毁功能的验证 ................................ 115 
5.4 本章小结 .................................................. 117 
第六章 总结与展望 .............................................................................. 118 
参 考 文 献 .......................................................................................... 119 
硕士期间发表的论文 ............................................................................ 122 




























1 Introduciton ............................................................................................ 1 
1.1 Research Background and Meaning ............................................................ 1 
1.2 Current Situation ........................................................................................... 3 
1.3 Main Research work ...................................................................................... 6 
2 SOC design basis of the terminal equipment of the PCI Security .... 7 
2.1 PCIstandard ................................................................................................... 7 
2.2 Encryption algorithm of the safety of the SOC selection ........................... 9 
2.2.1 Symmetrical encryption algorithm ..................................................... 10 
2.2.2 Asymmetric cryptographic algorithm ................................................. 12 
2.3 Safety SOC bus select ........................................................................... 13 
2.4 SPI bus introduction ............................................................................. 15 
2.5 Summary ................................................................................................ 15 
3 PCI security SoC system design ......................................................... 17 
3.1 Structural design of the SoC ................................................................ 17 
3.2 32 bit high-speed stability of Leon3 MCU .......................................... 19 
3.2.1 AMBA On-Chip Bus ........................................................................ 20 
3.2.2 SPAPC V8 ........................................................................................ 22 
3.2.3 Interger Unit design ......................................................................... 24 
3.2.4 Cache design .................................................................................... 25 
3.2.5 DEBUG unit design ......................................................................... 26 
3.3 Digital peripherals ................................................................................ 27 
3.3.1 I2C .................................................................................................... 27 
3.3.2 UART ............................................................................................... 28 
3.3.3 Ethernet design ................................................................................. 28 
3.3.4 USB .................................................................................................. 29 
3.3.5 SDRAM controller ........................................................................... 32 













基于 PCI 安全标准的终端设备 SoC 设计研究 
 X 
3.3.7 GPIO ................................................................................................ 33 
3.3.8 universal multiple devices SPI interface design .............................. 33 
3.4 Low power management design........................................................... 35 
3.5 Security module design ......................................................................... 36 
3.6 Summary ................................................................................................ 37 
4 security module of the PCI Security SOC design ............................. 38 
4.1 security module of the overall design of SOC .................................... 38 
4.1.1 PCI-compliant data security processing ........................................... 38 
4.1.2 hardware architecture of the security module .................................. 39 
4.1.3 Security module principle of work ..................................................... 40 
4.2 Realization of the cryptographic module ............................................ 41 
4.2.1 AES module design and implementation ......................................... 42 
4.2.2 RSA module design and implementation ......................................... 45 
4.2.3 DES/3DES module design and implementation .............................. 49 
4.3 realization of the bootroom safety lock ............................................... 54 
4.4 PRNG module design and implementation ........................................ 56 
4.5 realization of anti-differential power analysis attacks circuits ......... 58 
4.6 safety of the SPI interface communication ......................................... 61 
4.7 Safety island with back-up power ....................................................... 62 
4.8 Summary ................................................................................................ 67 
5 PCI Security SoC FPGA prototype implementation and verification
 ................................................................................................................... 68 
5.1 FPGA prototype implementation ........................................................ 68 
5.1.1 Xilinx Development tools ................................................................ 69 
5.1.2 Virtex-5 Hardware implementation ................................................. 71 
5.2 Encryption engine of the hard-software co-verification .................... 71 
5.2.1 AES encryption engine design verification ..................................... 71 













Degree papers are in the “Xiamen University Electronic Theses and Dissertations Database”. Full
texts are available in the following ways: 
1. If your library is a CALIS member libraries, please log on http://etd.calis.edu.cn/ and submit
requests online, or consult the interlibrary loan department in your library. 
2. For users of non-CALIS member libraries, please mail to etd@xmu.edu.cn for delivery details.
厦
门
大
学
博
硕
士
论
文
摘
要
库
