One of the most important and challenging areas in the smart grid context is security and privacy. The smart grid is a vulnerable system that can be attacked even from abroad, and such attacks may cause issues and harm of varying severity to devices and to society. The research community has therefore paid attention to this topic and to the reasons security and privacy are required in the smart grid. The first step in designing and implementing security for any system, such as a smart grid, is an authentication scheme followed by a key management protocol. Other security aspects, such as integrity, authorization and confidentiality, can only be implemented once a strong key management protocol has been designed and put in place. In this paper we provide a new scheme for mutual authentication between the smart grid utility network and Home Area Network (HAN) smart meters. Our proposed mechanism is capable of preventing attacks such as brute-force, replay, man-in-the-middle and denial-of-service attacks. We also provide a novel key management protocol for data communication between the utility server and customers' smart meters. Our proposed protocol reduces the network overhead caused by key management control packets while remaining secure enough to prevent the attacks mentioned above. In fact, by having the server in charge of network security generate and broadcast only one function periodically, our protocol refreshes the public and private keys of all nodes, as well as any required multicast security keys.
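The abstract describes two mechanisms: a mutual authentication exchange between a HAN smart meter and the utility server, and a key refresh in which one periodic server broadcast re-keys every node and multicast group. The Python below is an added illustration of those two ideas and is not the paper's scheme or the authors' code: it assumes a pre-provisioned long-term secret per meter and a shared multicast master secret, uses HMAC-SHA256 challenge-response in place of the paper's public/private keys, rejects replayed meter nonces, and re-derives every pairwise and multicast key from a single broadcast (epoch, r) value. The class and method names are hypothetical, and authentication of the broadcast itself (a server signature in a real deployment) is left out.

```python
import hashlib
import hmac
import os


def kdf(key, label, *parts):
    """HMAC-SHA256 over a purpose label and length-prefixed inputs (assumed construction)."""
    h = hmac.new(key, label, hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def tag(key, *parts):
    return kdf(key, b"auth", *parts)


class UtilityServer:
    """Hypothetical utility-side endpoint holding one pre-provisioned master secret per meter."""

    def __init__(self, meter_masters, group_master):
        self.meter_masters = dict(meter_masters)
        self.group_master = group_master
        self.epoch = 0
        self.refresh()

    def refresh(self):
        """The single periodic broadcast: a new (epoch, r) from which every key is re-derived."""
        self.epoch += 1
        self.r = os.urandom(16)
        ep = self.epoch.to_bytes(4, "big")
        self.keys = {m: kdf(k, b"pairwise", ep, self.r) for m, k in self.meter_masters.items()}
        self.group_key = kdf(self.group_master, b"multicast", ep, self.r)
        self.seen = {m: set() for m in self.meter_masters}  # meter nonces accepted this epoch
        self.pending = {}  # meter_id -> (n_m, n_s) of an exchange awaiting the meter's proof
        return self.epoch, self.r

    def answer_challenge(self, meter_id, n_m):
        """Message 2: prove knowledge of the pairwise key; a replayed meter nonce is refused."""
        if meter_id not in self.keys or n_m in self.seen[meter_id]:
            return None
        self.seen[meter_id].add(n_m)
        n_s = os.urandom(16)
        self.pending[meter_id] = (n_m, n_s)
        return n_s, tag(self.keys[meter_id], b"server", n_m, n_s)

    def verify_meter(self, meter_id, t):
        """Message 3 check: the meter's tag must bind both nonces of this exchange."""
        if meter_id not in self.pending:
            return False
        n_m, n_s = self.pending.pop(meter_id)
        return hmac.compare_digest(t, tag(self.keys[meter_id], b"meter", n_s, n_m))


class SmartMeter:
    """Hypothetical HAN smart meter endpoint."""

    def __init__(self, meter_id, master, group_master):
        self.meter_id, self.master, self.group_master = meter_id, master, group_master
        self.key = self.group_key = self.n_m = None

    def apply_refresh(self, epoch, r):
        """Derive this epoch's pairwise and multicast keys from the broadcast value."""
        ep = epoch.to_bytes(4, "big")
        self.key = kdf(self.master, b"pairwise", ep, r)
        self.group_key = kdf(self.group_master, b"multicast", ep, r)

    def challenge(self):
        """Message 1: identity plus a fresh nonce."""
        self.n_m = os.urandom(16)
        return self.meter_id, self.n_m

    def respond(self, n_s, t):
        """Message 3: accept the server only if its tag verifies, then prove our own key."""
        if not hmac.compare_digest(t, tag(self.key, b"server", self.n_m, n_s)):
            return None
        return tag(self.key, b"meter", n_s, self.n_m)


def mutual_auth(server, meter):
    """Run the three-message exchange; True only when both sides accepted each other."""
    meter_id, n_m = meter.challenge()
    reply = server.answer_challenge(meter_id, n_m)
    if reply is None:
        return False
    n_s, t_s = reply
    t_m = meter.respond(n_s, t_s)
    return t_m is not None and server.verify_meter(meter_id, t_m)


if __name__ == "__main__":
    # Constructed sample network: two meters with random pre-provisioned secrets.
    masters = {b"meter-01": os.urandom(32), b"meter-02": os.urandom(32)}
    group = os.urandom(32)
    server = UtilityServer(masters, group)
    meters = [SmartMeter(m, k, group) for m, k in masters.items()]
    for m in meters:
        m.apply_refresh(server.epoch, server.r)
    print("epoch", server.epoch, [mutual_auth(server, m) for m in meters])
    epoch, r = server.refresh()  # one broadcast rotates every pairwise and multicast key
    print("stale meter after refresh:", mutual_auth(server, meters[0]))
    meters[0].apply_refresh(epoch, r)
    print("updated meter:", mutual_auth(server, meters[0]))
```

The two points worth noticing are that the server keeps per-epoch state only for nonces and half-finished exchanges, so a single broadcast discards all of it along with the old keys, and that a meter that missed the broadcast simply fails authentication rather than keeping a stale key alive, which is where a real deployment needs an authenticated broadcast and a resynchronisation path.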