Some storage devices, such as some universal serial bus (USB) devices or memory cards, have sophisticated security systems that require a host device to run an application to enable it to communicate with the storage device using special application program interfaces (APIs). Since a host device may not be preloaded with such an application, the storage device can carry the application with it and provide it to the host device when the storage device is connected with the host device. The application is usually located in a partition that is separate from the public partition used to store user data and is uploaded to the host device before authentication. To protect the application from tampering, the application can be stored in a read-only partition in the storage device.
Because the application may become out of date, because security weaknesses may be found over time, and/or because new applications with extended features may be released, it is desired to provide a mechanism to update the application. One prior technique for such an update is shown in FIG. 5. In this technique, a server 500 establishes a secure channel 505 through the host device 510 to the storage device 520 and delivers the updated application through the secure channel 505 using encrypted and/or signed commands. The direct secure channel 505 between the server 500 and the storage device 520 is used because it is possible that the host device 510 and/or storage device 520 can be compromised and not trusted. While the use of a secure channel 505 protects the updated application from being tampered with, this technique requires the storage device 500 to be connected to the server 500 over a network during the entire update process. Further, the server 500 may need to encrypt and/or sign data using a different key for every storage device that is updated, which can add time and expense to the update process. This technique also may require the server 500 to have knowledge of the storage commands needed to store the updated application in the storage device 520, as the host device 510 merely acts as a proxy.