Architecture

At a hardware level, there is at least one chip, called the NFC radio. In order to run secure applications such as payment, transport ticketing, or access to buildings, there is need for a second chip, called the Secure Element (SE).

The NFC radio can interact with Tags, Readers, or other NFC Peers when they are in close proximity to one another (typically less then 10cm). This NFC radio is connected to a Host controller, which can be the Baseband or Application Processor on a phone or the core CPU in a PC.

A Secure Element (SE) is separate chip which contains a secure processor, tamperproof storage and execution memory. This processor is different from the Host processor or PC processor. Its sole purpose is enabling secure transactions. The Secure Element contains applications which rely on secure keys running inside the secure processor. The applications which run on the secure element typically run on a Javacard OS.

There are multiple ways that the SE may be connected to the radio. Without the SE, you can’t do things like secure payments (e.g.: using Google Wallet), or enable physical access control, (e.g.: getting through to a secure area at your work). Not all applications require the use of an SE. The “Use Cases” and “Idea Board” pages contain some examples of applications for NFC that rely on the SE, and ones that don’t.

Security at a Glance

So what makes apps secure is that there is ONLY one way to load the applications onto the SE, and that is for the app to know some of the individually unique keys stored on the Secure Element. Since they are physically inside the Secure Element in a tamper proof memory, with no way to read them in software, you’d have to know them in advance.