When distributing data by using IP multicast communications, means of ensuring security such as concealing distributed information and authenticating the data sender have become extremely important matters. To resolve these kinds of problems, the authors introduce dynamic secure group communications for enabling access to a multicast communications group by using an encryption key. To realize dynamic secure group communications, the group key must be updated and redistributed (re-keying) when a new user joins a communications group or a group member leaves. When the key is distributed or updated on the network, traffic problems and problems that affect data communications that accompany them must be taken into consideration. To implement services for providing multicast applications on a network, the authors propose a key distribution and updating protocol that takes into consideration system safety and reliability. In particular, they observe the wide-area network topology, determine a subgroup management server that has proxy functions on a LAN segment, and propose a system for collecting together key distribution response messages on that LAN segment and returning them to the key management server. In addition, they assume a general multicast network model and evaluate the proposed technique according to numerical calculations. The evaluation results show that in addition to shortening the key updating time in a large-scale system and reducing its effect on data communications, the proposed technique can reduce the concentration of communication traffic on the group management center. © 2006 Wiley Periodicals, Inc. Syst Comp Jpn, 37(2): 11–24, 2006; Published online in Wiley InterScience (www.interscience.wiley.com). DOI 10.1002/scj.20389