In a secure multicast communication environment, only valid members belong to the multicast group could decrypt the data. In many previous researches, there is one "group key" shared by all group members. However, this incurs the so-called "1 affects n problem," that is, an action of one member affects the whole group. We believe this is the source of scalability problems. Moreover, from the administrative perspective, it is desired to confine the impacts of changing membership events in a local area. In this paper, we propose a new secure multicast architecture without using a group key. We exploit a cryptographic primitive "proxy encryption." It allows routers to convert a ciphertext encrypted under a key to a ciphertext encrypted under another key, with-out revealing the secret key and the plaintext. By giving proper keys to intermediate routers, routers could provide separation between subgroups. Therefore the goals of scalability and containment are achieved.