The elliptic curve cryptosystem is considered to be the strongest public-key cryptosystem known today and is preferred over the RSA cryptosystem because the key length for secure RSA has increased over recent years, and this has put a heavier processing load on its applications. An efficient key management and derivation scheme based on the elliptic curve cryptosystem is proposed in this paper to solve the hierarchical access control problem. Each class in the hierarchy is allowed to select its own secret key. The problem of efficiently adding or deleting classes can be solved without the necessity of regenerating keys for all the users in the hierarchy, as was the case in previous schemes. The scheme is shown much more efficiently and flexibly than the schemes proposed previously.