Current near field communication (NFC) systems rely on a hardware component commonly referred to as a “secure element” or a “secure memory” installed on communication devices to provide a secure operating environment for identification and authentication, physical security access, and other secure functions. A secure element generally includes its own operating environment with a tamper-proof microprocessor, memory, and operating system. An NFC controller receives a request message from a third party system and transmits the message to the secure element for processing. A trusted service manager (TSM), or other form of secure service provider, can, among other things, install, provision, and personalize applications and data in the secure element. The secure element has one or more access keys that are typically installed at time of manufacture. A corresponding key is shared with the TSM so that the TSM can establish a cryptographically secure channel to the secure element for installation, provisioning, and personalization of the secure element while the device having the secure element is in the possession of an end user. In this way, the secure element can remain secure even if the host CPU in the device has been compromised.
One deficiency with current NFC systems is that a tight coupling exists between the secure element and the TSM. For current deployments, only one TSM has access to the keys of a particular secure element. Therefore, the end user can choose to provision only those secure element features that are supplied by that one TSM. The manufacturer of the device typically chooses this TSM. For example, a smart phone manufacturer may select the TSM for its smart phones under guidance from the mobile network operator (MNO) that purchases the smart phone, such as Phone Company A, rather than under guidance from the end user. Thus, the TSM features available to the end user may not be in the end user's interest. As an example, the MNO may have a business relationship with only one service provider, such as Company X. That TSM may allow the secure element to be provisioned with processing instructions from the one service provider only. Thus, the end user would not be able to access services from other service providers, such as Company Z.
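The key relationship described in the two paragraphs above can be modeled in a few lines. This is an added illustration, not code from the original document: a simplified HMAC challenge-response stands in for a real secure-channel protocol, and the class names, application names, and keys are hypothetical, constructed values.

```python
import hashlib
import hmac
import os


class SecureElement:
    """Toy secure element: one access key, installed at manufacture."""

    def __init__(self, access_key: bytes):
        self._key = access_key
        self._challenge = None
        self.applications = {}

    def get_challenge(self) -> bytes:
        self._challenge = os.urandom(16)  # fresh per session, blocks replay
        return self._challenge

    def install(self, name: str, payload: bytes, tag: bytes) -> bool:
        if self._challenge is None:
            return False  # no open session
        session_key = hmac.new(self._key, self._challenge, hashlib.sha256).digest()
        self._challenge = None  # one command per challenge
        expected = hmac.new(session_key, name.encode() + b"\x00" + payload,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False  # sender does not hold the corresponding key
        self.applications[name] = payload
        return True


class TrustedServiceManager:
    """Holds (or lacks) the key corresponding to one secure element."""

    def __init__(self, shared_key: bytes):
        self._key = shared_key

    def provision(self, se: SecureElement, name: str, payload: bytes) -> bool:
        challenge = se.get_challenge()
        session_key = hmac.new(self._key, challenge, hashlib.sha256).digest()
        tag = hmac.new(session_key, name.encode() + b"\x00" + payload,
                       hashlib.sha256).digest()
        return se.install(name, payload, tag)


def demo() -> dict:
    manufacture_key = os.urandom(32)                 # constructed sample key
    se = SecureElement(manufacture_key)
    tsm_a = TrustedServiceManager(manufacture_key)   # TSM chosen by manufacturer
    tsm_b = TrustedServiceManager(os.urandom(32))    # any other TSM: wrong key
    return {"tsm_a": tsm_a.provision(se, "company_x_app", b"\x01\x02"),
            "tsm_b": tsm_b.provision(se, "company_z_app", b"\x03\x04"),
            "installed": sorted(se.applications)}
```

Only the TSM holding the corresponding key can provision the element, so the second provider's application is never installed; the host device only relays messages and never sees the key.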