
Overview of SDF Functionality

**SDF (SensitiveDocsFlow)** is a document-centric security platform whose security policy can be applied and tracked throughout the entire process from document creation to distribution and storage. It can integrate document encryption and policy management features without changing the existing workflow by linking with the client company's business system and API.


1. Document Encryption / Decryption


Performs encryption and decryption based on the access control policy for the document.

| Support Method | Description |
|---|---|
| DAC (Discretionary Access Control) | The document owner directly assigns permissions for encryption. |
| MAC (Mandatory Access Control) | Automatically applies encryption according to the organization's security classification policy. |
| GRADE | Performs encryption based on document security levels (confidential, restricted, etc.). |

  • Encryption and decryption can be performed in one go with a REST API call from the client company's business system.
  • When a document is encrypted, security headers are automatically inserted, allowing you to check the document's protection status at any time.

2. Managing Document Header Information


Security policy metadata is inserted into the encrypted document as a header.

  • Insertion Information: Permission level, encryption method, policy ID, processing date and time, etc.
  • Query API: The current security status of the document can be checked in real-time from external systems.
  • Usage Examples: Pre-check security level before document access, detection of policy violation documents

3. Management of Hidden Information (SFI)


Inserts Steganographic File Information (SFI) for source tracking inside an office document.

  • Insertable Information: TxID (Transaction ID), system name, processing date and time, user information, etc.
  • Query / Delete: You can check or remove hidden information through a dedicated API.
  • Purpose: Trace the original source to identify the leak path in case of document leakage.

4. Document Lineage (InfoLineage)


When a document is copied or derived, a ParentDoc ID is automatically inserted to track the relationship between the original and derived documents.

Original document (DocID: A)
├── Copy 1 (DocID: B, ParentDoc: A)
│ └── Revision (DocID: D, ParentDoc: B)
└── Copy 2 (DocID: C, ParentDoc: A)

  • You can understand the entire distribution flow of the document in a tree structure.
  • Used for security audits and compliance responses.
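
The ParentDoc relationship above can be walked in both directions during an audit. The following is an added example, not SDF code or part of the SDF API: it assumes lineage records have already been exported as (DocID, ParentDoc) pairs, and the sample data, including the orphan record E, is constructed.

```python
# Added illustration: lineage records are modelled as (DocID, ParentDoc) pairs.
# This record shape is an assumption; the page does not specify SDF's header format.
from collections import defaultdict

# Constructed sample matching the tree in the text, plus one orphan record (E)
RECORDS = [("A", None), ("B", "A"), ("C", "A"), ("D", "B"), ("E", "X")]


def build_index(records):
    """Return (parent_of, children_of) maps built from (doc_id, parent_id) pairs."""
    parent_of, children_of = {}, defaultdict(list)
    for doc_id, parent_id in records:
        if doc_id in parent_of:
            raise ValueError(f"duplicate DocID: {doc_id}")
        parent_of[doc_id] = parent_id
        if parent_id is not None:
            children_of[parent_id].append(doc_id)
    return parent_of, children_of


def trace_to_origin(doc_id, parent_of):
    """Walk ParentDoc links from a (leaked) document up to its root.

    Returns (path, complete). complete is False when a parent record is
    missing, i.e. the chain of custody is broken and needs investigation.
    """
    path, seen = [doc_id], {doc_id}
    while parent_of.get(path[-1]) is not None:
        parent = parent_of[path[-1]]
        if parent in seen:
            raise ValueError(f"lineage cycle at {parent}")
        path.append(parent)
        seen.add(parent)
        if parent not in parent_of:
            return path, False
    return path, path[-1] in parent_of


def descendants(doc_id, children_of):
    """List every document derived, directly or indirectly, from doc_id."""
    out, stack = [], list(reversed(children_of.get(doc_id, [])))
    while stack:
        node = stack.pop()
        out.append(node)
        stack.extend(reversed(children_of.get(node, [])))
    return out
```

`trace_to_origin` answers "where did this copy come from", while `descendants` scopes how far a compromised original has spread.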

5. API Integration


SDF provides two API frameworks that integrate flexibly with business systems in various environments.

| API Type | Target | Main Features |
|---|---|---|
| Customer-Specific API | In-house Work System | Encryption/Decryption, Header Retrieval, Hidden Information Insertion/Retrieval/Deletion, Label Management |
| Security365 Integration API | Security365 Service | Same functionality + additional features such as authentication checks, security level management, etc. |

  • Designed in a RESTful manner, it can be called regardless of language/platform.
  • For detailed API specifications, please refer to the API Guide document.

6. Installation and Configuration Method


SDF supports two deployment methods, tailored to the customer's environment.

| Configuration Method | Form | Suitable Environment |
|---|---|---|
| SDF Container | Sidecar Container | Kubernetes/POD-based Cloud Environment |
| SDF App | JAR-based Applications | Existing on-premises or VM-based server environment |

  • SDF Container: Deployed as a sidecar within the business system POD and operates independently.
  • SDF App: Compatible with existing Java library (SCSL.jar) — Maintain existing integration structure without code modification

7. Logs and Monitoring


All security processing procedures of SDF are recorded in the event log and used for operational monitoring and security auditing.

| Log Target | Record Content |
|---|---|
| EKMS | Key issuance/viewing, authentication processing history |
| SKMS | Encryption and Decryption Request/Response, Header Processing History |
| SDF Container | API call, file processing, hidden information insertion history |

  • Support for real-time metric collection through Prometheus integration
  • Providing a systematic log classification system based on event codes