One embodiment provides a key transfer system and method based on a shared security application. During operation, an application executing on a terminal device receives an application key comprising at least a service key from a management server of the application and forwards the application key to a management server of a shared security application residing in a secure element in the terminal device, thereby facilitating the management server of the shared security application to deliver the application key to the shared security application. The application invokes the application key stored in the shared security application to perform services associated with the application. The application key is isolated from other application keys associated with other applications stored in the shared security application.