EMV Contactless Kernel Deep Dive
Deep dive into EMV contactless kernels covering kernel IDs, entry point specifications, and tap-to-pay transaction processing.
EMV Contactless Kernel Deep Dive
The EMVEMVApplicationGlobal chip payment card standard.Click to view → Contactless Specifications divide the contactless payment stack into numbered Kernels — each kernel corresponds to a specific payment brand's contactless application and defines exactly which APDU commands the terminal must send, which data objects it must process, and which Cardholder Verification Methods it must support.
Kernel Map
| Kernel | Brand | Application AIDAIDProtocolUnique identifier for card applications.Click to view → prefix | Notes |
|---|---|---|---|
| Kernel 1 | Interac Flash | A0 00 00 02 77 | Canada domestic debit |
| Kernel 2 | Mastercard Contactless | A0 00 00 00 04 | M/Chip Contactless |
| Kernel 3 | Visa Contactless | A0 00 00 00 03 | qVSDC / MSD |
| Kernel 4 | Amex Expresspay | A0 00 00 00 25 | |
| Kernel 5 | JCB Contactless | A0 00 00 00 65 | |
| Kernel 6 | Discover/Diners | A0 00 00 01 52 | |
| Kernel 7 | UnionPay Quickpass | A0 00 00 03 33 | QPBOC |
A single terminal typically implements Kernels 2, 3, and 6 at minimum for global acceptance. The Entry Point (EMV Contactless Kernel 1 spec, Book A) is the common pre-processing layer that runs before any kernel-specific logic.
Entry Point Pre-Processing
Before invoking a kernel, the terminal runs Entry Point, which:
- Builds the Candidate List — SELECT (INS=
A4) PPSEs and each known AID prefix - Applies Combination Selection — matches card AIDs against terminal configuration
- Determines routing — which kernel handles the transaction
- Sets up UDOL — Unpredictable Number, Terminal Capabilities for the kernel
Entry Point READ RECORD sequence:
# Step 1: Select PPSE
Command: 00 A4 04 00 0E 32 50 41 59 2E 53 59 53 2E 44 44 46 30 31 00
|---- "2PAY.SYS.DDF01" (Proximity PPSE) ----|
# Step 2: Select application AID (Kernel 2 example)
Command: 00 A4 04 00 07 A0 00 00 00 04 10 10 00
# Step 3: GET PROCESSING OPTIONS
Command: 80 A8 00 00 02 83 00 00
Response: 80 0A ... (AIP + AFL)
SW1 SW2: 90 00
Kernel 2 (Mastercard) Flow
Kernel 2 implements qChip — the Mastercard contactless online-preferred flow:
| Step | Command | Key Data Objects |
|---|---|---|
| GPO | 80 A8 00 00 |
AIP (82), AFL (94) |
| READ RECORD | 00 B2 xx xx |
PAN, Expiry, Track 2 Eq. Data |
| COMPUTE CC | 80 2A 8E 80 |
PDOL response, AC type request |
| GENERATE AC | Response | ARQC / TC + IAD, ATC, CryptogramInfo |
The Authorisation Request Cryptogram (ARQC) is sent to the issuer for online authorisation. The 8-byte ARQC is computed on-card using 3DES3DESCryptographyLegacy triple-DES symmetric cipher in payment smart cards.Click to view → (legacy) or AESAESCryptographyNIST symmetric block cipher for smart card encryption.Click to view → (newer M/Chip 5 cards) with the issuer master key diversified by PAN + sequence number.
Kernel 3 (Visa) Flow
Kernel 3 supports two contactless modes:
- qVSDC (quasi-VSDC): Full chip transaction — GPO + READ RECORD + GENERATE AC
- MSD (Magnetic Stripe Data): Legacy mode — returns Track 2 data and a dynamic CVC3; faster but less secure
For qVSDC the CDOL1 (Card Risk Management Data Object List 1) drives GENERATE AC:
# GENERATE AC — request ARQC (AC type 80 in p1)
Command: 80 AE 80 00 [CDOL1 length] [CDOL1 data...] 00
Response: 77 xx 9F 27 01 80 <- CID = 80 ARQC
9F 26 08 [8-byte ARQC]
9F 10 07 [IAD]
SW1 SW2: 90 00
CVM (Cardholder Verification Method) Requirements
| Kernel | Low-value (< floor limit) | High-value (> CVM required limit) |
|---|---|---|
| Kernel 2 | No CVM | Online PIN or CDCVM |
| Kernel 3 | No CVM | Signature or Online PIN |
| Kernel 6 | No CVM | Online PIN |
CDCVM (Consumer Device CVM) — e.g., Face ID, fingerprint on a mobile device — allows contactless payments above the floor limit without a terminal PIN pad interaction.
Floor Limits and Terminal Risk Management
Each acquiring bank configures terminal floor limits per scheme. A transaction below the floor limit may proceed offline (TC generated on-card); above it, an ARQC is mandatory and the issuer must authorise online.
The APDU Builder can construct GENERATE AC commands for testing. For the broader smart card standard underlying EMV, see ISO 7816 Parts Guide.
자주 묻는 질문
Our guides cover a range of experience levels. Getting Started guides introduce smart card fundamentals. Security guides address Common Criteria certification and key management. Programming guides target developers working with APDU commands, JavaCard applets, and GlobalPlatform card management.