Chief Architect's Blog on software development

8 July 2008
Access Security and Transmission Security
A question about the "Difference between transmission and access security" was asked in a Hong Kong SME Forum. Here is a set of fundamental security concepts. When you use an application over the wire (e.g. the internet), there are four aspects of security, i.e. Authentication, Authorization, Integrity and Confidentiality. Authentication and Authorization are access-related security, while Integrity and Confidentiality are transmission-related security.
  • Authentication - The application wants to know "who are you?". It can be done by entering a user name and password. It can also be done by using an e-Certificate.
  • Authorization - After knowing your identity, the application determines "what can you do in the application?". The same application can offer different services to different types of users, e.g. Administrator, Manager, Operator, Customer, etc.
  • Integrity - When a message is sent over the network (e.g. the internet), it might be altered by someone between the sender and receiver. We call this a man-in-the-middle attack. Usually, this type of attack can be eliminated by signing the message digitally.
  • Confidentiality - When a message is sent over the network, someone may use a sniffer (a tool for viewing data during transmission) to read important data, e.g. user name and password. Usually, a sensitive message must be encrypted to prevent it being openly viewed on the wire.
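The following is an added example, not code from the original post, showing three of the four aspects above in working form: authentication (a salted password check that answers "who are you?"), authorization (a role-to-permission table that answers "what can you do?"), and integrity (a keyed message tag that lets the receiver detect a message altered in transit). The user names, passwords, roles and permissions are constructed for the example. For integrity it uses an HMAC with a shared key, which plays the same detection role as a digital signature but is not a public-key signature; confidentiality (encryption) is left out because the Python standard library provides no cipher.

```python
import hashlib
import hmac
import os

# ---------- Access security: authentication ----------

def hash_password(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Derive a salted PBKDF2-SHA256 hash; the clear password is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_user_store() -> dict:
    """Constructed user store (assumption: two example accounts)."""
    store = {}
    for name, password, role in [
        ("alice", "correct horse battery", "Administrator"),
        ("bob", "blue coffee ladder", "Customer"),
    ]:
        salt = os.urandom(16)
        store[name] = {"salt": salt, "hash": hash_password(password, salt), "role": role}
    return store


def authenticate(store: dict, username: str, password: str):
    """Answer 'who are you?'. Returns the user's role on success, None otherwise."""
    record = store.get(username)
    if record is None:
        # Do the same amount of work for unknown users so response time does not
        # reveal which user names exist.
        hash_password(password, b"\x00" * 16)
        return None
    candidate = hash_password(password, record["salt"])
    # Constant-time comparison avoids leaking how many leading bytes matched.
    if hmac.compare_digest(candidate, record["hash"]):
        return record["role"]
    return None


# ---------- Access security: authorization ----------

# Constructed permission table for the user types named in the post.
PERMISSIONS = {
    "Administrator": {"view_orders", "edit_orders", "manage_users"},
    "Manager": {"view_orders", "edit_orders"},
    "Operator": {"view_orders"},
    "Customer": {"view_own_orders"},
}


def authorize(role, action: str) -> bool:
    """Answer 'what can you do?'. An unknown role is denied everything."""
    return action in PERMISSIONS.get(role, set())


# ---------- Transmission security: integrity ----------

def sign_message(key: bytes, message: bytes) -> bytes:
    """Sender attaches a keyed tag (HMAC-SHA256) to the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_message(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver recomputes the tag; any change to message or tag is detected."""
    return hmac.compare_digest(sign_message(key, message), tag)


if __name__ == "__main__":
    store = make_user_store()
    role = authenticate(store, "alice", "correct horse battery")
    print("alice authenticated as:", role)
    print("alice may manage_users:", authorize(role, "manage_users"))
    print("bob may manage_users:", authorize(authenticate(store, "bob", "blue coffee ladder"), "manage_users"))

    key = os.urandom(32)  # shared between sender and receiver (assumption)
    message = b"transfer 100 to account 42"
    tag = sign_message(key, message)
    print("original verifies:", verify_message(key, message, tag))
    print("altered verifies: ", verify_message(key, b"transfer 900 to account 42", tag))
```

The two halves are independent on purpose: a user who passes `authenticate` is still refused any action their role lacks, and a message that verifies tells the receiver only that it was not altered, not who may act on it.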