
Overview of SDF Features

SDF (SensitiveDocsFlow) is a document-centric security platform that applies and tracks security policy throughout the entire process from document creation to distribution and storage. It links to the client's business systems through an API, so document encryption and policy management features can be integrated without changing the existing workflow.


1. Document Encryption / Decryption


Performs encryption and decryption based on access control policies for the document.

| Supported Method | Description |
| --- | --- |
| DAC (Discretionary Access Control) | The document owner directly assigns permissions for encryption. |
| MAC (Mandatory Access Control) | Encryption is applied automatically according to the organization's security classification policy. |
| GRADE | Encryption is performed based on the document's security classification (confidential, restricted, etc.). |

  • The client company's business system can perform encryption and decryption in one go with a REST API call.
  • When a document is encrypted, security headers are automatically inserted, allowing you to check the document's protection status at any time.

2. Document Header Information Management


Security policy metadata is inserted into the encrypted document as a header.

  • Insertion Information: Permission level, encryption method, policy ID, processing date and time, etc.
  • Query API: The current security status of the document can be checked in real-time from external systems.
  • Usage Examples: Pre-check security level before document access, detection of policy violation documents

3. Management of Sensitive Information (SFI)


Steganographic File Information for source tracking is inserted inside office documents.

  • Insertable Information: TxID (Transaction ID), system name, processing date and time, user information, etc.
  • Query / Delete: You can check or remove hidden information through a dedicated API.
  • Purpose: Trace back the original source in case of document leakage to identify the leakage path.

4. Document Lineage Tracking (InfoLineage)


When a document is copied or derived, a ParentDoc ID is automatically inserted to track the relationship between the original and derived documents.

Original document (DocID: A)
├── Copy 1 (DocID: B, ParentDoc: A)
│   └── Revised version (DocID: D, ParentDoc: B)
└── Copy 2 (DocID: C, ParentDoc: A)

  • The entire distribution flow of a document can be viewed as a tree structure.
  • Used for security audits and compliance responses.
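
The lineage walk implied by the ParentDoc tree in this section, as an added example that is not SDF code or part of the SDF API. The record layout (a list of dicts with `DocID` and `ParentDoc` keys) and all function names are assumptions for illustration; the sample records are constructed to match the tree shown above.

```python
from collections import defaultdict

# Constructed sample records (assumed layout) mirroring the tree A -> B, C; B -> D.
RECORDS = [
    {"DocID": "A", "ParentDoc": None},
    {"DocID": "B", "ParentDoc": "A"},
    {"DocID": "C", "ParentDoc": "A"},
    {"DocID": "D", "ParentDoc": "B"},
]

def build_index(records):
    """Return (parent_of, children_of) maps; reject duplicate DocIDs."""
    parent_of, children_of = {}, defaultdict(list)
    for rec in records:
        doc_id, parent = rec["DocID"], rec.get("ParentDoc")
        if doc_id in parent_of:
            raise ValueError(f"duplicate DocID: {doc_id}")
        parent_of[doc_id] = parent
        if parent is not None:
            children_of[parent].append(doc_id)
    return parent_of, children_of

def trace_to_origin(doc_id, parent_of):
    """Walk ParentDoc links from a document back to its original."""
    path, seen = [], set()
    while doc_id is not None:
        if doc_id in seen:
            raise ValueError(f"lineage cycle at {doc_id}")
        if doc_id not in parent_of:
            raise KeyError(f"broken lineage: no record for {doc_id}")
        seen.add(doc_id)
        path.append(doc_id)
        doc_id = parent_of[doc_id]
    return path

def descendants(doc_id, children_of):
    """Every document derived, directly or indirectly, from doc_id."""
    out, stack = set(), list(children_of.get(doc_id, []))
    while stack:
        cur = stack.pop()
        if cur not in out:  # guards against looping on corrupted links
            out.add(cur)
            stack.extend(children_of.get(cur, []))
    return sorted(out)

if __name__ == "__main__":
    parents, children = build_index(RECORDS)
    print(trace_to_origin("D", parents))  # ['D', 'B', 'A']
    print(descendants("A", children))     # ['B', 'C', 'D']
```

A cycle or a ParentDoc that points at a missing record is raised as an error rather than skipped, since either one means the lineage data cannot be relied on in an audit.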

5. API Integration


SDF provides two API frameworks to flexibly integrate with business systems in various environments.

| API Type | Target | Main Features |
| --- | --- | --- |
| Customer-Specific API | In-house business system | Encryption/decryption, header query, hidden information insertion/query/deletion, label management |
| Security365 Integration API | Security365 service | Same functionality plus additional features such as authentication checks, security level management, etc. |

  • Designed in a RESTful manner, callable regardless of language or platform.
  • For detailed API specifications, refer to the API Guide document.

6. Installation and Configuration Method


SDF supports two deployment methods to suit the customer's environment.

| Configuration Method | Form | Suitable Environment |
| --- | --- | --- |
| SDF Container | Sidecar container | Kubernetes/POD-based cloud environment |
| SDF App | JAR-based application | Existing on-premises or VM-based server environment |

  • SDF Container: Deployed as a sidecar within the business system POD, operating independently.
  • SDF App: Compatible with the existing Java library (SCSL.jar), so the existing integration structure is maintained without code modification.

7. Logs and Monitoring


All security processing performed by SDF is recorded in the event log and used for operational monitoring and security auditing.

| Log Target | Recorded Content |
| --- | --- |
| EKMS | Key issuance/view, authentication processing history |
| SKMS | Encryption and decryption request/response, header processing history |
| SDF Container | API calls, file processing, hidden information insertion history |

  • Real-time metric collection is supported through Prometheus integration.
  • A systematic log classification scheme based on event codes is provided.