A security apparatus and a security method for controlling electric devices by use of electronic mails. A modem receives an electronic mail sent from a sending side and stores the received electronic mail into a RAM of a controller. A CPU extracts certification information encrypted by a secret key of a user of the sending side and decrypts the certification information by use of a public key. Based on the decrypted information, the CPU determines whether the user of the sending side is authentic or not. Only when the user is found authentic, the CPU extracts a control command from the received electronic mail and stores the extracted control command into a RAM. Then, the CPU transmits an electronic mail to the sending side for confirming content of the control. If an electronic mail for approving the confirmation is returned from the sending side, the CPU extracts second certification information obtained by encrypting information different from that mentioned above, determines again whether the sender of the electronic mail is authentic, and, if the sender is found authentic, executes the control command received before.