JP4917335B2 - Communication device - Google Patents

Description

  The present invention relates to a communication device that realizes security communication based on security-related information stored in advance.

  In recent years, communication security has come to be regarded as important. For example, an encryption key for each transmission terminal is registered in an image registration server having means for distributing an image registered in a client terminal device. And means for encrypting and transmitting the image using the registered encryption key when distributing, and receiving the terminal device by decrypting the image received with the dedicated composite key, Proposals have been made to prevent security failures such as wiretapping, spoofing, and falsification due to data interception (see Patent Document 1).

Further, as shown in Patent Document 2, when displaying a CA certificate (security related information) held on the UI screen, an expired CA certificate is detected and a warning is issued on the UI screen. There are also proposals that can appropriately notify the user that the CA certificate has expired.
JP 2001-092608 A JP 2005-332031 A

  By the way, when sending a secured email, it is necessary to detect whether the information (security related information) itself used for securing security is not illegal from the viewpoint of security.

  Therefore, in order to ensure security, the detection process may be performed only before the transmission operation is actually performed.

  However, if this is done, there is a risk that the time from when the user operates the device until the user knows that the information for securing the security is illegal is increased.

  The present invention has been made in view of such circumstances, and an object of the present invention is to provide a communication device that can promptly notify a user that security-related information is illegal.

The communication device of the present invention is a communication device that realizes security communication based on security-related information stored in advance, and performs a determination process for determining whether the security-related information is illegal or valid. comprising a determining means, said determining means performs the determination processing after reading the document image, after the determination process, the row physician again the determination process until before transmitting the data relating to the document image If it is detected that the security-related information has been updated between the time when the document image is read and before the data related to the document image is transmitted, whether to use the updated security-related information Based on the setting, in the case of a setting using updated security-related information, the determination process is performed on the updated security-related information. If not set to use a security-related information after the update are those for security-related information before update and to perform the determination processing.

  The security related information is information for encrypting transmission information or generating signature information based on the transmission information.

The re-determination process performed before the transmission of the data relating to the document image may be performed after the transmission information is encrypted using the security-related information.
Further, when there are a plurality of originals, the determination unit may perform the determination process every time one original image related to the original is read.
When there are a plurality of documents, the determination unit may perform the determination process after reading all document images.

  Further, when the transmission operation does not end normally, the retransmission operation is performed up to a predetermined number of times, and the determination process by the determination means is also performed at the retransmission operation stage.

  In addition, when the determination unit determines that the security related information is illegal, the transmission operation is terminated with an error at that time.

  In the retransmission operation stage, when the determination means determines that the security related information is illegal, the transmission operation is terminated at that time.

In addition, when the determination unit detects that the security-related information has been updated after reading the document image and before transmitting the data related to the document image, The determination process may be performed for security related information .

  Therefore, according to the present invention, it is determined whether or not the security related information is illegal a plurality of times according to the progress of the transmission operation. As a result, it is possible to achieve both an improvement in security and usability.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

  FIG. 1 shows a network system according to an embodiment of the present invention.

  In the figure, a local area network LAN is connected with a plurality of workstation devices WS1 to WSn, a mail server device SM, a file server device SF, and a network compatible multi-function device FX, and via a router device RT. Connected to the Internet. Therefore, the workstation devices WS1 to WSn, the mail server device SM, the file server device SF, and the network compatible multi-function device FX can exchange data with other appropriate terminal devices via the Internet.

  Here, the mail server device SM collects and distributes well-known e-mails to users using the workstation devices WS1 to WSn connected to the local area network LAN and to the network network compatible MFP FX. It provides services.

  Also, the file server SF provides a file transmission / reception / storage service to users using the workstations WS1 to WSn connected to the local area network LAN and to the network network compatible MFP FX. FTP or SMB is implemented.

  The workstation apparatuses WS1 to WSn are installed with various programs such as an image processing program for drawing image data, a Web browser, and e-mail client software, and are used by a specific user. Here, the specific user may be one or a plurality of users.

  In addition, the network compatible MFP FX is connected to an analog public line network PSTN, an e-mail processing function for exchanging image information and various reports as e-mails, and is used as a transmission path for group 3 facsimile transmission. Facsimile communication function for transmitting image information according to procedure, scan-to-email function for transmitting read image data using e-mail, and for storing read image data to file server SF A transmission function such as a file transfer function (FTP (File Transfer Protocol) or SMB (Server Message Block)) is provided. It also has an encrypted communication function for encrypting data to be transmitted.

  FIG. 2 shows a configuration example of the network compatible MFP FX.

  In the figure, a system control unit 1 performs various control processes such as a control process, an encryption process, and a facsimile transmission control procedure process of each part of the network compatible MFP FX. The control processing program executed by the control unit 1 and various data necessary for executing the processing program are stored, and the work area of the system control unit 1 is configured. This is for storing various types of information unique to the corresponding multifunction peripheral FX, and the clock circuit 4 outputs current time information.

  The scanner 5 is for reading a document image with a predetermined resolution, the plotter 6 is for recording and outputting an image with a predetermined resolution, and the operation display unit 7 is a network compatible MFP FX. It is for operation and consists of various operation keys and various displays.

  The encoding / decoding unit 8 encodes and compresses the image signal and decodes the encoded and compressed image information into the original image signal. The magnetic disk device 9 is encoded and compressed. This is for storing a large number of image information in a state of being recorded and various other data files.

  The group 3 facsimile modem 10 is for realizing the modem function of the group 3 facsimile, and is a low-speed modem function (V.21 modem) for exchanging transmission procedure signals, and mainly for exchanging image information. A high-speed modem function (V.17 modem, V.34 modem, V.29 modem, V.27ter modem, etc.) is provided.

  The network control device 11 is for connecting the network compatible MFP FX to the analog public line network PSTN, and has an automatic outgoing / incoming function.

  The local area network interface circuit 12 is for connecting the network compatible MFP FX to the local area network LAN, and the local area network transmission control unit 13 is connected to another data terminal device via the local area network LAN. For executing communication control processing of various predetermined protocol suites for exchanging various data with each other.

  The system control unit 1, system memory 2, parameter memory 3, clock circuit 4, scanner 5, plotter 6, operation display unit 7, encoding / decoding unit 8, magnetic disk unit 9, group 3 facsimile modem 10, network The control device 11 and the local area network transmission control unit 13 are connected to an internal bus 14, and data exchange between these elements is mainly performed via the internal bus 14.

  Data exchange between the network control device 11 and the group 3 facsimile modem 10 is performed directly.

  FIG. 3 shows an example of the operation display unit 7.

  In the figure, a start key 7a is used to input a command to start a transmission / reception operation or the like of the network-compatible MFP FX, and a stop key 7b is input to stop the operation of the network-compatible MFP FX. The numeric keypad 7c is for inputting numeric (numeric) information such as a telephone number.

  The liquid crystal touch panel unit 7d is provided with a touch panel unit that enables a screen operation to be performed by a touch operation on a display screen of a liquid crystal display device capable of displaying appropriate image data. It constitutes the main elements of the user interface.

  The mode clear key 7e is for clearing the set mode, and the initial setting key 7f is for instructing the start of the initial setting mode for inputting various initial setting information. The insert key 7g is used to instruct an interrupt operation.

  In the present embodiment, the network-compatible MFP FX includes an address book in which destination information corresponding to each transmission operation is registered. The address book includes address book information as shown in FIG.

  The address book information includes 100 mail destinations referred to during e-mail communication, 100 fax destinations referred to during group 3 facsimile communication, 100 group destinations referred to during e-mail communication, and a file. 100 file destinations referenced during communication are included.

  As shown in FIG. 5B, the contents of one mail destination include the name of the mail destination, the mail address, the affiliation of the registered user, etc., and the public key A ( And certificate information (security related information) related to the public key A. The certificate information includes at least the date and time when the public key A is registered and the expiration date of the public key A.

  The content of one fax destination includes the name of the fax destination, the fax number (telephone number), the affiliation of the registered fax, and the public key used for encrypted communication as shown in FIG. B (described later) is included.

  The content of one group destination is obtained by registering one or more mail destination names as shown in FIG.

  As shown in FIG. 5E, the contents of one file destination include the name of the file destination, the network path representing the transfer destination directory, and the login user name used when logging in to the file server SF. Contains the login password.

  In this embodiment, the network-compatible MFP FX creates and stores communication history information as shown in FIG. 5 for one communication operation (reception operation and transmission operation).

  The communication history information includes an ID for distinguishing each communication history information, a communication mode (communication type such as e-mail transmission / reception, facsimile transmission / reception, file transfer, and encryption) related to the communication history information, and encryption. Or the like), communication start time, communication end time, number of communication, and communication result.

  In addition, as the security related information, device signature information as shown in FIG. 6 can also be stored. The device signature information includes a secret key used when creating electronic signature information (message digest) and information on the expiration date of the secret key.

  Next, encrypted communication will be described.

  For group 3 facsimile transmission, the encrypted communication method defined in ITU-T standard JT-T30 is applied. The encrypted communication method in this case corresponds to RSA, and as shown in FIG. 7, the transmission side encrypts the communication message (plain text) into cipher text using the public key notified from the reception side. The receiving side decrypts the received ciphertext using a secret key corresponding to the public key to obtain the original plaintext (communication message).

  Therefore, in this case, the public key B registered in each fax destination is the public key notified from the receiving side. Also, the public key registration can be performed manually by the administrator of the network compatible MFP FX or by the network compatible MFP FX by communication according to a predetermined procedure. For example, it is possible to automatically register using e-mail (if security is important, use S / MIME described later).

  Further, S / MIME can be applied to electronic mail communication. This S / MIME is defined by RFC2311 (S / MIME Version 2 Message Specification) and RFC2315 (PKCS # 7: Cryptographic Message Syntax Version 1.5) issued by IETF.

  In this S / MIME, as shown in FIG. 8, the transmission side generates a common key and encrypts the communication message. The generated common key is encrypted using the public key notified from the receiving side. Then, the ciphertext and the encrypted common key are transmitted to the receiving side.

  On the receiving side, the received encrypted common key is decrypted and generated using the private key corresponding to the public key, and the ciphertext is decrypted using the generated common key to obtain the communication message. To do.

  Further, as shown in FIG. 9, an electronic mail to which S / MIME is applied includes one or more header information including one or more destination information (“To” field) and one or more corresponding to the destination information included in the header information. It consists of encrypted key information (including the recipient's identifier) and an encrypted text (ciphertext).

  The e-mail receiving side finds key information corresponding to itself based on the identifier included in the key information, decrypts the key information with the secret key, and obtains the common key. Then, the body information is decrypted using the common key to obtain a plaintext message.

  The electronic signature is performed by a method as shown in FIG.

  In this case, on the transmission side, message digest information of a predetermined digit is generated for a communication message using a predetermined hash function or the like, and the generated message digest information is encrypted using a secret key. Then, the encrypted message digest information is added to the communication message as electronic signature information and transmitted.

  The receiver side obtains the electronic signature information by decrypting it using the public key corresponding to the private key used on the sender side, while creating message digest information based on the communication message, and whether or not they match Inspect.

  In the above configuration, when the user performs a transmission operation using the network-compatible MFP FX, first, the transmission application screen shown in FIG. 11 is displayed on the liquid crystal touch panel unit 7d of the operation display unit 7.

  The user sets the document reading mode by reading conditions (P05), density setting (P06), file format (P07), document feeding type (P08), encryption (P09), signature (P10), and the like.

  Then, a destination to be transmitted is selected from the registered destination button (P03) group. At this time, it is also possible to select a plurality of destinations and perform transmission by a single operation. In addition, when the transmission destination is an e-mail, a fax, or a variety of destinations such as destinations transmitted according to various file transfer protocols such as FTP and SMB, the destinations are narrowed down for each transmission method (P01). , P02).

  In the scan-to-email application, the scanner 5 reads an image of one or more transmission originals, and transmits the read image by e-mail.

  The problem here is that it takes a certain amount of time to read the original, so even if the validity period of the certificate information is valid at the beginning of reading the original, an e-mail is actually sent. This means that the expiration date may have passed. Thus, in a situation where the public key A is invalid, the electronic mail should not be transmitted for security.

  Therefore, in this embodiment, an operation for inspecting whether security-related information is illegal is performed multiple times for each of various states, so that an e-mail that should not be transmitted for security is transmitted. Can be avoided.

  An example of the e-mail transmission process in this case is shown in FIGS.

  When the scanner 5 reads an original image for one page and saves the read image data obtained by the scanning (process 101), a certificate validity determination process (process 102) for checking the validity of the public key A is executed. To do. It is checked whether or not invalidity is detected in this certificate validity determination process (determination 103). When the result of determination 103 is YES, an error message as shown in FIG. 14 is displayed (process 104), and the transmission operation is stopped. (Process 105), and the process ends in error.

  When the result of determination 103 is NO, it is checked whether the next page is set in the automatic document feeder (ADF; not shown) of the scanner 5 (determination 106), and the result of determination 106 is YES. In some cases, the process returns to the process 101 to read the original image of the next page.

  If the image reading of all the originals set on the scanner 5 at that time is completed and the result of determination 106 is NO, a common key to be applied to encrypted communication is generated (processing 107). The read image data, which is a transmission message at that time, is encrypted by applying a predetermined encryption method using the common key generated in the processing 107, and the encrypted data obtained thereby is stored in the magnetic disk device 9 ( Process 108).

  And it waits until it becomes a transmission start timing (process 109).

  When the transmission start timing is reached, one mail destination is selected from the mail destinations specified at that time (process 110), the destination is stored in the encrypted transmission destination list (process 111), and stored in correspondence with the destination. The common key generated in the process 107 is encrypted using the public key A (process 112) and registered in the encrypted common key list (process 113).

  Next, it is checked whether or not processing has been completed for all destinations (decision 114). If the result of determination 114 is NO, the processing returns to processing 110, the next destination is selected, and the subsequent processing is performed.

  When the processing is completed for all destinations and the result of determination 114 is YES, a certificate validity determination process (process 115) for checking the validity of public key A is executed. It is checked whether or not invalidity has been detected in the certificate validity determination process (determination 116). When the result of determination 116 is YES, the process proceeds to process 104, an error message as described above is displayed, and the transmission operation is stopped. And exit with an error.

  If the result of determination 116 is NO, encrypted transmission data is created based on the encrypted transmission destination list, the encrypted data, and the encrypted common key list (process 117). The e-mail (encrypted e-mail) of the encrypted transmission data created in (1) is transmitted (process 118).

  Here, a prescribed value KR of the number of retransmissions is set in the counter RK (process 119).

  Next, it is checked whether or not the transmission operation at that time has ended normally (decision 120). When the result of determination 120 is YES, transmission is completed (process 121), and the operation at this time is terminated.

  Further, when a transmission error has occurred and the result of determination 120 is NO, the value of counter RK is decreased by 1 (process 122), and as a result, whether the value of counter RK has become smaller than 1 or not. Is checked (decision 123).

  If the result of determination 123 is NO, the retransmission operation has not been completed, so the process returns to processing 109 and the retransmission operation is performed for the unsent e-mail destination.

  When the result of determination 123 is YES, the process proceeds to process 104, an error message as described above is displayed, the transmission operation is stopped, and the error ends.

  FIG. 15 shows an example of a certificate validity determination process executed in the processes 102 and 115.

  First, the invalidity detection flag is turned off (process 201), the expiration date information of the certificate information is acquired (process 202), and the current date and time information is acquired (process 203).

  Then, the date and time of the expiration date information is compared with the current date and time to check whether or not the expiration date has passed (decision 204). When the result of determination 204 is YES, the invalidity detection flag is turned ON (process 205). When the result of determination 204 is NO, process 206 is not executed.

  In this way, in this embodiment, the certificate validity determination process is performed at the time of reading the original document image and the step of retransmitting the e-mail. A situation where security communication using the key A occurs can be appropriately avoided.

  16 and 17 show another example of the e-mail transmission process.

  When the scanner 5 reads an original image for one page and stores the read image data obtained thereby (process 300), it is checked whether or not the next page is set in the automatic document feeder of the scanner 5 (determination 301). ) When the result of determination 301 is YES, the process returns to process 300 to read the original image of the next page.

  When reading of the images of all transmission documents is completed and the result of determination 301 is NO, a certificate validity determination process (process 302) for checking the validity of the public key A is executed. It is checked whether or not invalidity is detected in the certificate validity determination process (determination 303). When the result of determination 303 is YES, an error message as shown in FIG. 14 is displayed (process 304), and the transmission operation is stopped. (Process 305), and the process ends in error.

  When the result of determination 303 is NO, a common key to be applied to encrypted communication is generated (process 306), and the read image data that is the transmission message at that time is used using the common key generated in process 396. Then, encryption is performed by applying a predetermined encryption method, and the encrypted data obtained thereby is stored in the magnetic disk device 9 (process 307).

  Then, it waits until the transmission start timing is reached (process 308).

  At the transmission start timing, one mail destination is selected from the mail destinations specified at that time (step 309), the destination is stored in the encrypted transmission destination list (step 310), and stored in correspondence with the destination. The common key generated in the process 306 is encrypted using the public key A (process 311) and registered in the encrypted common key list (process 312).

  Next, it is checked whether or not the processing has been completed for all destinations (decision 313). When the result of judgment 313 is NO, the processing returns to processing 309, the next destination is selected, and the subsequent processing is performed.

  When the processing is completed for all destinations and the result of determination 313 is YES, certificate validity determination processing (processing 315) for checking the validity of the public key A is executed. It is checked whether or not invalidity is detected in this certificate validity determination process (determination 316). When the result of determination 316 is YES, the process proceeds to process 304, an error message as described above is displayed, and the transmission operation is stopped. And exit with an error.

  When the result of determination 316 is NO, encrypted transmission data is created based on the encrypted transmission destination list, the encrypted data, and the encrypted common key list (process 317). The e-mail (encrypted e-mail) of the data for encrypted transmission created in step (S318) is transmitted.

  Here, the specified value KR of the number of retransmissions is set in the counter RK (process 319).

  Next, it is checked whether or not the transmission operation at that time has ended normally (decision 320). When the result of determination 320 is YES, transmission is completed (process 321), and the operation at this time is terminated.

  If a transmission error has occurred and the result of determination 320 is NO, the value of the counter RK is decreased by 1 (process 322), and as a result, whether the value of the counter RK has become smaller than 1 or not. (Judgment 323).

  If the result of determination 323 is NO, the retransmission operation has not been completed, so the processing returns to step 309 and the retransmission operation is performed for the unsent e-mail destination.

  When the result of determination 323 is YES, the process proceeds to process 304, an error message as described above is displayed, the transmission operation is stopped, and the error ends.

  In this way, in this case, the certificate validity determination process is not performed each time the document is read, so that the work load on the device can be reduced, and the processing speed of other work performed by the device can be reduced. It can prevent slowing down.

  By the way, when processing for each destination is performed, the public key A and the certificate information (update date / time and expiration date) are copied to a work area (not shown) of the system memory 2 and used. Here, when the user updates the certificate information for one of the destination public keys A, for example, during the e-mail transmission operation, the updated certificate information and the contents of the certificate information used in the processing Will occur. Although not shown, the certificate information includes information that prohibits the use of the public key A.

  An example of a certificate validity determination process that can deal with such a situation is shown in FIG.

  First, it is checked whether or not the certificate information has been updated (determination 401). If the result of determination 401 is YES, it is checked whether or not use of updated information is set (determination 402). Note that the administrator user can appropriately set whether to use the updated information.

  When the result of determination 402 is YES, the updated certificate information is copied to the work area (process 403). When the result of determination 402 is NO and when the result of determination 401 is NO, processing 403 is not executed. That is, when the result of determination 402 is NO, the certificate information before update is used.

  Then, the invalidity detection flag is turned off (process 404), the expiration date information of the work area certificate information is acquired (process 405), and the current date and time information is acquired (process 406).

  Then, the date and time of the expiration date information is compared with the current date and time to check whether or not the expiration date has passed (decision 407). When the result of determination 407 is YES, the invalidity detection flag is turned ON (process 408). When the result of determination 407 is NO, process 408 is not executed.

  In this manner, in this embodiment, it is possible to cope with the case where the certificate information of the public key A is updated by the user during the e-mail transmission process.

  FIG. 20 shows still another example of the certificate validity determination process.

  First, it is checked whether or not the certificate information has been updated (decision 501). If the result of determination 501 is YES, it is checked whether or not use of the updated information is set (decision 502). Note that the administrator user can appropriately set whether to use the updated information.

  When the result of determination 502 is YES, the current certificate information stored in the work area is saved (process 503), and the updated certificate information is copied to the work area (process 504).

  Next, the invalidity detection flag is turned off (process 505), the expiration date information of the work area certificate information is acquired (process 506), and the current date and time information is acquired (process 507).

  Then, the date and time of the expiration date information is compared with the current date and time to check whether or not the expiration date has passed (decision 508). When the result of determination 508 is YES, the value saved in step 503 is copied to the work area, and the contents of the certificate information are restored to the values before change (step 509). When the result of determination 508 is NO, processing 509 is not executed.

  If the result of determination 502 is NO, the invalidity detection flag is turned off (process 510), the expiration date information of the work area certificate information is acquired (process 511), and the current date and time information is acquired (process). 512).

  Then, the date and time of the expiration date information is compared with the current date and time to check whether or not the expiration date has passed (decision 513). When the result of determination 513 is YES, the updated value is copied to the work area, and the content of the certificate information is changed to the changed value (processing 514). When the result of determination 513 is NO, processing 514 is not executed.

  When the result of determination 501 is NO, the invalidity detection flag is turned off (process 515), the expiration date information of the certificate information is acquired (process 516), and the current date and time information is acquired (process 517).

  Then, the date and time of the expiration date information is compared with the current date and time to check whether or not the expiration date has passed (decision 518). When the result of determination 518 is YES, the invalidity detection flag is turned ON (process 519), and when the result of determination 518 is NO, process 519 is not executed.

  As described above, in this case, when the certificate used for the destination is updated between the transmission request from the user and the actual email transmission, for each certificate, Since it is possible to individually set whether to use "before update" or "after update", for example, even if the certificate information is valid at the time of receiving the user's transmission request, the actual transmission process If the update is invalidated by the administrator up to the point of performing the operation, refer to the security information that was invalidated as the intention of the device administrator, or use the method to interrupt the transmission operation. If the security-related information used for the encrypted mail is valid at the time of the transmission request from the user, the request for completing the transmission operation using the information can be realized. Also, if it is determined that the security-related information is illegal, the transmission operation is terminated at that point in time, so in this case, for example, the communication recovery is different from the retry at the time of mail transmission. Therefore, the transmission result can be notified to the user at an early stage.

  In each of the above-described embodiments, the case where the public key and the certificate information are applied as the security related information has been described. However, the present invention also applies to the case where the device signature information (see FIG. 6) is used as the security related information. Can be applied in a similar manner.

  Further, the present invention can be similarly applied to an appropriate communication device other than the devices of the above-described embodiments.

1 is a block diagram showing a network system according to an embodiment of the present invention. FIG. 3 is a block diagram showing a configuration example of a network compatible MFP FX. Schematic which showed an example of the operation display part 7. FIG. Schematic which showed an example, such as an address book. Schematic which showed an example of communication history information. Schematic which showed an example of apparatus signature information. Schematic for demonstrating the encryption method of G3 facsimile communication. Schematic for demonstrating the encryption method of S / MIME. Schematic which showed an example of the electronic mail which applied S / MIME. Schematic for demonstrating an electronic signature. Schematic which showed an example of the screen of a transmission application. 14 is a flowchart showing an example of e-mail transmission processing (continuing to FIG. 13). The flowchart which showed an example of the email transmission process (continuation of FIG. 12). Schematic showing an example of an error message. The flowchart which showed an example of certificate validity determination processing. The flowchart which showed the other example of the electronic mail transmission process (continue to FIG. 17). The flowchart which showed the other example of the email transmission process (continuation of FIG. 16). Schematic which showed an example of the information copied to the work area. The flowchart which showed the other example of the certificate validity determination process. 14 is a flowchart showing still another example of certificate validity determination processing.

Explanation of symbols

  FX network compatible MFP

Claims (8)

A communication device that implements security communication based on security-related information stored in advance,
A determination means for performing a determination process for determining whether the security-related information is illegal or valid;
Said determination means performs the determination processing after reading the document image, after the determination process, have rows the decision process again until before transmitting the data relating to the document image, the document image If it is detected that the security-related information has been updated between the time after reading and before the transmission of the data relating to the document image, the update is performed based on the setting of whether to use the updated security-related information. In the case of setting using later security related information, the determination process is performed for the updated security related information. In the case of setting not using updated security related information, the determination process is performed for the security related information before update. A communication device characterized by performing .   The communication apparatus according to claim 1, wherein the security-related information is information for encrypting transmission information or generating signature information based on the transmission information.   The re-determination process performed before the transmission of the data relating to the document image is performed after the transmission information is encrypted using the security-related information. The communication device described.   4. The communication apparatus according to claim 1, wherein when there are a plurality of documents, the determination unit performs the determination process each time a document image related to the document is read. 5.   4. The communication apparatus according to claim 1, wherein when there are a plurality of documents, the determination unit performs the determination process after reading all document images.   6. The method according to claim 1, wherein when the transmission operation is not normally completed, the retransmission operation is performed up to a predetermined number of times, and the determination process by the determination unit is also performed at a retransmission operation stage. The communication device described.   The communication according to any one of claims 1 to 5, wherein, when the determination unit determines that the security-related information is illegal, at that time, the transmission operation is terminated with an error. apparatus.   7. The communication apparatus according to claim 6, wherein, in the retransmission operation stage, when the determination unit determines that the security-related information is invalid, at that time, the transmission operation ends in error.