As technology advances, the size of an integrated circuit that performs certain function has in general been shrinking continuously. More processing power, and more data storage capacity, can be packed into the same space that would be required previously for the same processing power or data storage capacity. As a result, the form factor of today's electronic devices is smaller, often much smaller, than the form factor of electronic devices from yesteryears. For example, universal serial bus (“USB”) flash drives, a type of electronic device used mainly for data storage, may have a physical size smaller than a typical lighter but a data storage capacity ranging from 1 to 64 gigabytes.
Smaller form factor brings the benefit of portability. It has become possible for consumers to store relatively large amounts of information, including data, video, and music files, in a portable data storage device that can be easily carried from place to place. The relatively light weight and small physical size of portable data storage devices make them an ideal solution not only for data storage external to a host computer system, but also for data transfer between one computer and another. In the example of USB flash drives, a user can plug the device into a USB port of a first computer, computer A, to transfer data from computer A to the device, and then plug the device into a USB port of a second computer, computer B, to transfer data from the device to computer B. This is especially useful when data transfer between the two computers via other means is inconvenient or unavailable.
Like many electronic devices, a portable data storage device typically includes a microcontroller that manages the operations of the device based on an embedded computer program known as firmware. The firmware may be embedded in a hardware device, such as the microcontroller, provided on flash read-only memory (“ROM”) or other type of non-volatile media that is part of the portable data storage device, or provided as a binary file that can be uploaded onto the device by a user. Regardless of the type of device, its firmware typically may be updated post-manufacturing, also known as field firmware update. Vendors of electronic devices using firmware provide firmware updates for various reasons, such as fixing bugs, adding new functionality. Because firmware updates can improve the performance, reliability, and even the available functionality of a device, vendors of electronic devices typically make firmware updates available regularly so that consumers can make field firmware updates for their devices. For instance, recording devices, such as optical media writers (DVD, CD, HD DVD, Blu-ray), are known to have field firmware updates regularly to ensure the hardware is kept up to date and compatible with the latest development in the technology. Similarly, portable data storage devices, such as USB flash drives and the like, also need field firmware updates from time to time.
Field firmware update, however, is not without potential risks or difficulties. One potential risk relates to the integrity of a newly received firmware that is meant to be used to update the existing firmware. More specifically, for example, a new firmware received by a user via the Internet could potentially have been tampered with by a hacker. One solution to ensuring the integrity of new firmware is the use of public key infrastructure (“PKI”), a well-known art in the field of cryptography. Under a PKI arrangement, computer users are enabled to be authenticated to each other without prior contact, and to use the private key information to encrypt messages, such as new firmware for firmware updates, to each other. When an encrypted message is received by a receiving party the message is destined for, the receiving party uses a sender public key to decrypt the encrypted message.
Another potential risk associated with field firmware updates is the possibility of loading firmware into a wrong platform. For example, a new firmware that works only with a first portable data storage device having a memory manufactured by vendor A could possibly be loaded into a second portable data storage device having a memory manufactured by vendor B. Even if the new firmware has no integrity problem as discussed above, it nevertheless should not be used to update the existing firmware in the second portable data storage device. This is because if an unaware user updates the existing firmware in the second portable data storage device with the new firmware that is meant for the first portable data storage device, the second portable data storage device could be rendered inoperable as a result of the firmware update.
There is, therefore, a need for a method and system to ensure portable data storage devices are updated with correct firmware.