XML signature technology is the major approach for ensuring XML data authentication. An XML signature should satisfy multiple data authentication requirements for XML data which pass a hierarchical network of responsibilities. Through investigation, existing XML multisignature schemes can not satisfy this requirement. This paper presents a series-parallel XML multisignature scheme based on Lu’s XML multisignature scheme. In the scheme presented, signers are divided into series or parallel subgroups according to their relationship, making the multisignature process closer to a natural signature-generation process. The scheme builds an XML data integrity-checking pool to provide integrity-checking for decomposed XML data. With this integrity-checking pool, signers can check integrity without the cooperation of others checkers. Testing shows that the scheme presented has a higher efficiency than repeated DSA or RSA, and satisfies application requirements in practice.
XML security, XML data authentication, XML multisignature, DSA, RSA