The Virtual Software Token Protocol was proposed by Know as a practical method for secure public key infrastructure roaming. However, he recently found a weakness of the protocol under the original assumption, and proposed two revised versions, namely refinement and improvement, which lost the desirable properties of scalability and efficiency respectively. In this letter, a secure improvement is proposed for better performance in both scalability and efficiency. Unlike the author's improvement, our improvement provides parallel execution as the original protocol did.

In 2002, Zhu et al. proposed a password authenticated key exchange protocol based on RSA such that it is efficient enough to be implemented on most of the target low-power devices such as smart cards and low-power Personal Digital Assistants in imbalanced wireless networks. Recently, YEH et al. claimed that Zhu et al.'s protocol not only is insecure against undetectable on-line password guessing attack but also does not achieve explicit key authentication. Thus they presented an improved version. Unfortunately, we find that YEH et al.'s password guessing attack does not come into existence, and that their improved protocol is vulnerable to off-line dictionary attacks. In this paper we describe our observation in details, and also comment for the original protocol on how to achieve explicit key authentication as well as resist against other existent attacks.

In 2000, Wang et al. proposed a (t,n) threshold signature scheme with (k,l) threshold shared verification, and a (t,n) threshold authenticated encryption scheme with (k,l) threshold shared verification. Later, Tseng et al. mounted some attacks against Wang et al.'s schemes. At the same, they also presented the improvements. In this paper, we first point out that Tseng et al.'s attacks are actually invalid due to their misunderstanding of Wang et al.'s Schemes. Then, we show that both Wang et al.'s schemes and Tseng et al.'s improvements are indeed insecure by demonstrating several effective attacks.