In a previous work [1], Wang et al. proposed a privacy-preserving outsourcing scheme for biometric identification in cloud computing, namely CloudBI. The author claimed that it can resist against various known attacks. However, there exist serious security flaws in their scheme, and it can be completely broken through a small number of constructed identification requests. In this letter, we modify the encryption scheme and propose an improved version of the privacy-preserving biometric identification design which can resist such attack and can provide a much higher level of security.

As a specific signature, the nominative proxy signature scheme is a method in which the designated proxy signer generates a nominative signature and transmits it to a verifier, instead of the original signer. Recently, Seo et al. proposed a nominative proxy signature scheme for mobile communication and claimed that the scheme hash non-repudiation. However, after analyzing the scheme, we show that the scheme is insecure and cannot provide non-repudiation, note that a malicious original signer can forge the proxy signer to sign on any message. Finally, we also present a modification version of the scheme to repair the security flaw.