The system according to the invention comprises at least one sender S with key providing means (24) for providing group keys GK and address keys (Xj, Yj, Zj). A plurality of receivers r each have accessing means (42, 50) for accessing individual receiver address key sets and group keys. Group keys are identical for all receivers of the same group. Each receiver address key set is a subset of the base set of address keys. The receiver address key sets are pairwise different for all pairs of receivers of the same group. For each individual receiver, there is one or more exclusion key (X, Y, Z), which is not contained in that receivers set of address keys. The system comprises authorization storage means (30) storing authorization information about each receiver. Encryption means (24) are used to generate out of the message mk a plurality of encrypted messages mk*. Each encrypted message mk* is encrypted with a combination of keys in such a way that it can only be decrypted using all keys out of the combination of keys. Each encrypted message mk* is aimed at one group of receivers, and the combination contains group keys of that group. To exclude non-authorized receivers, the combination further contains one or more exclusion keys of non-authorized receivers of the group. ® KIPO & WIPO 2007
展开▼