The protection of sensitive information is very important, but also a difficult task. It usually requires a centralised access policy management and control system. However, such solution is often not acceptable in the era of users’ mobility. In the paper we propose a certificate-based group-oriented encryption scheme with an effective secret sharing scheme based on general access structure. The special design of the scheme ensures that the shared secret (encryption key information), a collection of shareholders, and the access structure can be dynamically changed without the need to update the long-term keys and shares owned by shareholders. It is also possible to delegate the access rights to another member of the qualified subgroup or to a new entity from outside the current access structure.