The hierarchical cryptographic key assignment is used to assign cryptographic keys to a set of partially ordered classes so that the user in a higher class can derive the cryptographic key for users in a lower class. However, the existing secure schemes for the cryptographic key assignment in a hierarchy do not consider the situation that a user may be in a class for only a period of time. If a user resigned from his class ci and he premeditatedly eavesdrops on data transmissions, then he can also decrypt the data in class cj if and only if the class cj is lower than the class ci. Thus, all messages are likely to be compromised during the span of the system. In this paper, we propose a new cryptographic key assignment scheme with time-constraint in which the cryptographic keys of a class are different for each time period. Our goal is to minimize the potential damages over a public network. Once the time period is expired, the cryptographic keys' owner cannot access any subsequent class keys. Therefore, as a user resigned from his class premeditatedly eavesdrops on later messages, he cannot then decrypt the message with his old keys. Moreover, in the proposed method, the key generation and key derivation are quite simple, and the number of the public/secret parameters for each authenticated user is fixed and small which differs from most previously proposed schemes. Hence, it is very appropriate to communicate securely over an open network.