EMV kernels with cloud technology: 28 most important questions

Share on facebook
Share on twitter
Share on linkedin
Share on email

Table of Contents

What is cloud EMV kernel?

Cloud kernel is an EMV level 2 kernel software running on the cloud environment instead of on the card reader.

What is the difference between embedded and cloud EMV kernels?

Both embedded and cloud kernels do the same EMV functions. The difference is about which operation environment the kernel runs in. Embedded kernels are embedded inside the POS device reader and run on the card reader secure processor. Cloud kernel resides on a cloud platform and runs in a PCI-certified environment on the cloud.

Is the user experience the same between embedded and cloud kernels?

User experience is the same between embedded and cloud kernels. User experience is managed outside the kernel. POS companies may develop user experience independently from the kernel.

What does the cloud EMV kernel address?

Cloud kernel addresses the following issues :

  • Repeated and costly EMV certification process for every hardware
  • Difficulty to port EMV level 2 kernel to increasing number of hardware and operating systems
  • Lack of EMV data to monitor and troubleshoot the transaction issues
  • Difficulty to update and maintain EMV terminal parameters on the payment terminals in the field

In a cloud kernel solution, which part of the EMV level 2 kernel still works on the device?

Card reading, account data encryption, and PIN encryption must be done on the device. All other parts of the EMV kernel may run on the cloud. However, depending on solution design, performance requirements, or other factors, kernel vendors may implement some additional parts of the EMV kernel on the device.

How different is cloud EMV level 2 kernel certification?

EMV kernel certification process is almost the same for cloud kernel. The only difference is vendors need to define modules of the EMV level 2 kernel running on the cloud and on the device. (Split Application Kernel). EMVCo has revised its type approval testing process to accommodate Split Application Kernel test submission. You can find more information about EMV certification in the https://www.emvco.com/

Which entities certify cloud kernel?

EMVCo and payment schemes certify cloud kernels.

Which EMV labs give certification for cloud kernel?

The labs accredited by EMVCo or payment brands give EMV certification to cloud kernel.

Which EMV certification test tools are used for cloud kernel?

The same certification test tools are used as test scenarios for the cloud kernel are the same as the embedded kernel.

In a cloud kernel solution, is a new EMV kernel certification required for new hardware or mobile phone operating systems?  

If the kernel vendor wants to physically change one of the sub-components containing a part of the split kernel, resubmission of the whole device will be required. 

The following rules apply to EMV kernels, submitted to EMVCo for testing as a result of changing a subcomponent in the device: 

  • The changed sub-component is identified in the ICS submitted 
  • The whole device with changed physical sub-component is tested by the Laboratory with Regression template,
  • The newly submitted device will also be retained by the laboratory for a period of the LoA validity + 1 year 

Is EMV level 1 certification different for cloud kernel?

Cloud kernels use the same EMV level 1 kernel, so the certification process for EMV level 1 is the same as the embedded kernel.

Does EMV level 1 kernel run on the device or the cloud?

EMV L1 kernel is a hardware-based firmware application and it must run on the device.

Is cloud kernel different than cloud POS?

Yes, the cloud kernel represents the EMV kernel-related processing. POS applications are generally abstracted from EMV kernels. They run on top of the EMV kernels and calls the EMV SDK of the kernel. Having the EMV kernel on the cloud doesn’t mean that the POS is a cloud POS.

Is an additional certification required for cloud EMV kernels?

Cloud kernel providers should receive the PCI DSS certification for their cloud environment to ensure secure processing of the card data. You can see Fairbit’s PCI DSS certification at this link.

Can card account data or PIN be compromised in a cloud kernel solution?

Cloud kernel doesn’t store account data or PIN data as per PCI DSS regulations. The communication between the kernel client app and the kernel cloud is always encrypted.

Does cloud kernel have the same transaction speed as an embedded kernel?

Cloud kernels may reach almost the same performance as embedded kernels if they are designed in a good way. Also, payment brands don’t give contactless EMV certification if EMV kernel performance is not at the expected level. Please contact Fairbit to get more information about Fairbit’s cloud kernel transaction performance.

Is the EMV level 3 certification process different for cloud kernel?

EMV L3 certification process is the same for embedded and cloud kernels.

How can I upgrade my embedded EMV kernels to the cloud?

It is not possible to run the same embedded EMV kernels on the cloud environment. You need to ask your kernel vendor if they can provide you cloud kernel. Fairbit offers a cloud kernel solution. You can find more information about Fairbit solution at this link.

Does cloud kernel manage the secure PIN entry?

Secure PIN entry is managed outside the EMV kernel. It is managed in the secure processor of the POS devices or white-box cryptography in mobile phones and tablets.

How can I integrate my POS application to cloud kernel service?

Fairbit provides you an EMV SDK running on your POS device or mobile phone along with SDK documentation. POS application should call Fairbit EMV SDK APIs to integrate to Fairbit cloud kernel. The SDK gets the transaction amount and other transaction data from the POS application and sends them to the EMV kernel on the cloud. The SDK also communicates with the card reader to perform a transaction. At the end of the transaction, EMV SDK returns to POS application online authorization data along with encrypted card number and encrypted PIN.

Does Fairbit EMV SDK provide POS application flexibility to implement special flows?

Fairbit EMV SDK seamlessly adapts to an existing POS application and provides flexibility to implement special flows, such as U.S common debit application selection. POS applications may instruct the SDK to stop at certain points of a transaction and give the EMV data back to them. POS applications can implement their specific regional or EMV related flows in the middle of EMV kernel flow.

Does cloud kernel support any POS terminal operating system?

Cloud kernel runs on the cloud and it is not dependent on the operating system of the hardware. There is a tiny application on the device managing card reader and POS application communication. This application can be adapted easily to different operating systems.

Does cloud kernel support the Android operating system?

Yes, currently Fairbit cloud kernel is certified with the Android operating system as part of Fairbit SoftPOS solution. SoftPOS solution uses cloud EMV kernel to enable Android phones to accept payment transactions. You can find the certification news at this link.

Does cloud kernel support the iOS operating system?

Currently, Apple doesn’t allow third-party applications to access the NFC feature on the device.

Does cloud EMV kernel manage EMV terminal parameters on the cloud?

Fairbit cloud kernel manages the EMV terminal parameters on the cloud. This eliminates the hassles of the config loading process to devices in the field.

Can cloud kernel integrate into any Terminal Management System for EMV config management?

Cloud kernel manages EMV terminal configuration in its database on the cloud and offers web-based user interfaces to update config. The solution may integrate into any Terminal Management System. So that TMS systems may assign EMV config versions to devices in the field. During the transaction, POS application lets EMV level 2 kernel which config to use.

Does cloud kernel support offline transactions?

Cloud kernel supports offline transactions. In EMV, an offline transaction means that the transaction is completed without going to an acquirer network.

Does cloud kernel run without an internet connection?

Cloud kernel doesn’t run without an internet connection since transaction data should be sent to the cloud server for processing.

Share on facebook
Share on twitter
Share on linkedin
Share on email

Cloud Kernel vs Embedded Kernel

Payment Business At The Edge : Cloud Kernel vs Embedded Kernel Payment business is going through significant changes recently. Increasing security concerns, cost reduction and