With the rapid development of the Internet, many commercial and network-based services, such as pay-TV and on-line games, have become popular. To control access to these services for legal members only, a common way is to use a cryptographic key to protect the communication and disclose the key only to the group of legal members. The group key management (GKM) is for a group manager to maintain a common cryptographic (group) key for a dynamic group of legal members through a network channel. A GKM scheme can also be used to provide communication privacy and transmitted message integrity. In this paper, we first demonstrate a collusion attack against Chen, et al.'s concrete RSA-based GKM scheme . Then, we propose an efficient and provably-secure GKM scheme using the key derivation method. Our GKM scheme has some attractive features. Firstly, the proposed scheme are very efficient since the key derivation method uses simple keyed hash plus XOR operations. Secondly, the proposed scheme have an efficient rekey mechanism for a member who may become off-line and miss group key updates in his off-line period. Finally, the proposed scheme can be proved secure based on the pseudorandom function family assumption and one-way property of a hash function.