Computer Engineering and Applications ›› 2007, Vol. 43 ›› Issue (7): 155-159.

• Network, Communication and Security •

A Distributed Group Key Management Protocol based on Agent for Large Dynamic Multicast

ChuYuan Wei (魏楚元), TaoShen Li (李陶深), GaoCai Wang (王高才)

  1. School of Computer, Electronics and Information, Guangxi University; Department of Computer Science, Hunan Normal University
  • Received:2006-04-06 Revised:1900-01-01 Online:2007-03-01 Published:2007-03-01
  • Contact: ChuYuan Wei

Abstract: One of the main problems in secure multicast is group key management. Existing multicast key management protocols suffer from the “1 affects N” problem and from considerable communication delay caused by the overhead of decryption and re-encryption. Referring to the multicast key management security framework offered by Iolus, a representative protocol of the distributed approach, and to the Internet Group Management Protocol (IGMP), this paper designs a new distributed key management architecture in which the multicast group is composed of distributed multicast subgroups. An enhanced Logical Key Hierarchy (LKH) protocol is adopted for key management within each subgroup. An agent-based distributed group key management protocol for large dynamic multicast is presented, and the weakness of existing key management protocols in member identity authentication is addressed by adding a signed token. Compared with LKH and Iolus, this protocol reduces the “1 affects N” problem, provides better scalability, and effectively reduces overheads such as communication delay and bandwidth.