Function Specification (Internal → External Access)
※ Last updated: 2026-04-02
This document is a functional specification for cases of securely accessing external internet and SaaS services from an internal work environment.
Common management features such as user, group, license, conditional policy, and authentication settings areSecurity365 Management Center Functional SpecificationPlease refer to.
RFP Notation Standards
| Notation | Meaning | Description |
|---|---|---|
| Required | Common Evaluation Criteria | Commonly Required Features in Web Isolation (RBI) Business RFP |
| Specialization | Differentiation Items | Unique features of SHIELD Gate provide an advantage over competitors —Recommendation to Add Evaluation Criteria to the RFP |
| Selection | Additional Items | Features proposed optionally based on customer requirements |
User Features
| Major Category | Subcategory | subcategory | Detailed description | RFP notation | specifications |
|---|---|---|---|---|---|
| Isolated Browsing | Web Access | Isolated Browser Access | Isolation browser access feature that executes web browsing on the server and streams only the screen to neutralize online threats. | Required | link |
| URL input field | Provide an input field where users can directly enter a URL to access. | Required | link | ||
| URL Input Field Search Engine Integration | A feature that automatically links to the search results page of the configured search engine (Google, Naver, Daum, Nate, Bing) when a search term that is not in URL format is entered in the URL input field. | Specialization | link | ||
| App Access | The feature to access external SaaS through SHIELDGate and set user-specific access permissions. | Required | link | ||
| Browser Compatibility | Multi-Browser Support | Support features for major browsers such as Chrome, Edge, Firefox, and Safari | Required | link | |
| Support for Advanced Web Features | JavaScript interaction, WebGL 3D rendering, basic browser features such as translation, zooming, and right-clicking. | Required | link | ||
| Fully Isolated Architecture | Device Isolation and Code/Data Blocking | ① There is no direct communication between the device browser and the corresponding web server, ② the script and HTML code of the web server do not execute on the device, and ③ cookies, temporary files, etc. are not stored on the device at all, resulting in a completely isolated structure. | Specialization | link | |
| HTTPS Single Port Secure Communication | Connect to the RBI server using standard HTTPS (TCP 443) with a single port and single session without using UDP, and transmit 1:1 without relay servers such as TURN — no need for separate firewall port openings or relay infrastructure, ensuring a security level equivalent to or higher than VPN when accessing externally (such as IAP). | Specialization | link | ||
| High-Quality Screen Streaming | An intelligent screen transmission feature that prioritizes sending keyframes immediately upon connection to ensure high quality from the initial screen, and automatically adjusts the resolution in the event of network jitter to maintain responsiveness instead of interruptions. | Specialization | link | ||
| Security Plugin Support | Endpoint Broker Technology | Functionality that supports web applications requiring internal communication on PCs, such as banking security programs. | Specialization | link | |
| Access Permissions | Access Environment-Based Permissions | A feature that sets app usage permissions based on user location, device, and time conditions. | Required | link | |
| User Behavior Control | Access Control | Access Allow/Deny | A feature that allows or blocks access to target URLs and categories based on conditional policies. | Required | link |
| Additional Authentication | Additional identity verification feature through email verification code or OTP authentication when access is granted | Required | link | ||
| Behavior Control | Keyboard Input Blocking | A feature that blocks keyboard input in the isolated browser | Required | link | |
| Site Navigation Blockage | A feature that blocks page navigation to external domains. | Selection | link | ||
| URL Exposure Control | A feature that controls the visibility of the current access URL in the URL input field based on conditions. | Selection | link | ||
| Idle Screen Lock | A feature that switches to the lock screen after a set idle time to protect data on the screen. | Selection | link | ||
| File Transfer Control | Allow/Block Uploads | Feature to Allow or Block File Uploads in Isolated Browser | Required | link | |
| Allow/Block Downloads | Feature to Allow or Block File Downloads in Isolated Browser | Required | link | ||
| Extension Control | Function to control the allowance of file extensions during upload and download | Required | link | ||
| Transmission via Interconnected Solutions | A feature that supports file upload and download through an existing network connection solution operating in a network separation environment. | Specialization | link | ||
| Clipboard Control | Bidirectional Clipboard Control | A feature that controls copy/paste direction between the isolated browser and the user PC. | Required | link | |
| Sensitive Information Control | Blocking Sensitive Information Input | Function to detect personal information patterns in user input and block transmission (including generative AI services) | Specialization | link | |
| Complete Logging of Generative AI Prompts and Responses | A feature that allows for complete logging of input prompts and response content when using commercial generative AI. | Specialization | link | ||
| Print Control | Print Allow/Block and Watermark | Feature to Allow or Block Printing in Isolated Browser — Watermark with User Identifiable Information May Be Applied When Allowed | Required | link | |
| Screen Security | Security Screen | Blocking and Guidance Screen | A feature that displays a blocking notification screen when a policy is blocked and provides a notification screen in case of technical issues such as connection errors or session termination. | Required | link |
| Screen Marking | Screen Marking | Function to display user identification information as a watermark on the screen (automatically inserted during screen capture as well) | Required | link | |
| File Security | File Encryption | Encryption Storage and Key Management | Function to encrypt and store files during upload and dispose of the encryption key when deleting files. | Required | link |
| Extension Control | Handling by Extension | Function to control uploads and downloads according to file extension blocking policy | Required | link | |
| Malware Scanning and Disinfection | Malware Scanning and CDR | A feature that automatically applies malware scanning and CDR (Content Disarm and Reconstruction) processing during file upload and download. | Required | link | |
| Sensitive Information Detection | Automatic Sensitive Information Detection | A feature that automatically detects personal information within files and blocks transmission. | Required | link | |
| Document Viewer Integration | SHIELD Viewer Integration | Function to provide read-only previews through SHIELD Viewer when downloading files | Required | link | |
| File Management | Storage Integration | External Storage and Edge Server | Integration features for external storage such as NAS, OneDrive, Google Drive, and Edge server-based local storage. | Selection | link |
| Document Editing | Collaborative Editing | MS365·Google Docs·Hancom Web·S3/NAS-based document collaboration feature | Selection | link | |
| Read-Only View | Read-Only Document Viewing Functionality through SHIELD Viewer | Selection | link | ||
| Teams Integration | Teams File Integration | Features that support file viewing, uploading, editing, and team-based tab access within the Teams app | Selection | link | |
| File Sharing | Sharing and Permission Management | URL link sharing, specifying the sharer, and setting permissions, managing shared folders | Selection | link | |
| Exploration · Classification · Collaboration | Exploration and Classification | File and folder search, tagging, bookmarking, pinning important items to the top feature | Selection | link | |
| Collaboration and History | Document comment writing, file change notification subscription, viewing, editing, and downloading history check features | Selection | link | ||
| Deletion Policy | Deleted File Management | A feature that automatically deletes files after retaining them for a certain period and allows setting the retention period for the file folder. | Selection | link | |
| SaaS Support | SaaS Compatibility | Microsoft 365 | Features that support M365 services such as Teams, Office365, Word, PowerPoint, and SSO | Required | link |
| Video Conference | Support for voice, video, and screen sharing features of video conferencing platforms such as Teams and Zoom. | Required | link | ||
| Video Streaming | Support for video streaming and playback of DRM-protected content | Specialization | link | ||
| Interface | UI and Menu | Hide/Show Top Bar | A feature that allows you to hide or expand the top bar to support full-screen viewing and immersive browsing. | Selection | link |
| Home Menu and GNB Shortcuts | Setting the Home Menu Usage and Displaying/Fixing Recently Accessed Apps and URLs in the GNB | Selection | link | ||
| Custom URL Button | Adding a button to the top bar for calling external URLs and passing user information as parameters | Selection | link |
Admin Features
| Major Category | Subcategory | subcategory | Detailed description | RFP notation | specifications |
|---|---|---|---|---|---|
| Isolated Browser Control | Access Control Policy | Policy Management | Function to create, modify, delete, and manage the priority of access control policies for each member's work system. | Required | link |
| Member and Condition Settings | Function to designate the members subject to policy application and set conditions for location, time, and device. | Required | link | ||
| Access to Business System | A feature to individually set the accessibility of the app menu and URL input field menu. | Required | link | ||
| Maximum Tab Count Limit | A feature that controls the maximum number of tabs that can be opened simultaneously in an isolated browser. | Selection | link | ||
| Session Management | Real-time Session Monitoring | Real-time query function for resource status and tab information of all user sessions currently connected. | Required | link | |
| Session Force Logout | Function to forcibly terminate the selected session immediately or with a grace period — input for termination reason (required), countdown warning displayed on user screen, simultaneous termination of all tabs, automatic saving of termination records supported | Specialization | link | ||
| Access Control | App and URL Management | App Access Settings | Function to register apps accessible through SHIELDGate and set user-specific access permissions | Required | link |
| URL List · Group Management | A feature that allows you to register and manage access control target URLs and group them for use as a policy application unit. | Required | link | ||
| Manage Movable URLs | Function to register and control movable URLs in a specific SaaS | Selection | link | ||
| Web Category Management | Category View·Edit·Rollback | Function to check the category classification of the website and customize it or restore to default. | Required | link | |
| Connection Environment Control | Connection Condition Registration | A feature to register user access environment conditions (IP, device, time, etc.) and set app access permissions. | Required | link | |
| Conditional Policy | Policy Management | Policy Creation, Modification, Deletion | A feature that supports adding, editing, and deleting conditional policies, adjusting priorities, importing and exporting, and setting expiration dates. | Required | link |
| Importing and Exporting Policies | Export conditional policies as a JSON (single) or ZIP (multiple) file, and the ability to import and register backup files. | Selection | link | ||
| Policy Application Status Inquiry | Function to query policies that were actually applied (heating) and those that were not applied by period, sorted by the number of applications and the most recent application date — Excel download support | Specialization | link | ||
| Download Policy Status Excel | Function to download all registered policies or search results as an Excel (.xlsx) file (provided separately from JSON backup) | Selection | link | ||
| Target Application | Member Settings | Function to designate policy application members and separately configure exclusion members | Required | link | |
| Target Site Settings | Function to select the target of policy application among the entire site, registered sites/groups, and web categories. | Required | link | ||
| Connection Conditions | Location, Time, Device Conditions | A feature that sets the policy application environment by combining location, time, and device conditions. | Required | link | |
| Access Policy | Access Allow/Block and Additional Authentication | Function to set URL access blocking or allowing and configure email·OTP additional authentication | Required | link | |
| Behavior Control | Keyboard · Site Navigation · URL Exposure | Function to control keyboard input, block external domain navigation, and set URL exposure based on conditions | Required | link | |
| File Upload and Download Control | Function to set whether file upload and download is allowed, along with conditions for file extensions and storage. | Required | link | ||
| Clipboard · Screen Lock | Function to Control Clipboard Direction Between Isolated Browser and PC and Set Idle Lock Screen | Required | link | ||
| Screen Marking · Printing Watermark | Function to set whether to apply screen marking and print watermark by conditional policy | Required | link | ||
| Context Menu Control | Function to control the right-click menu of the RBI browser on an item-by-item basis (page background, text, links, images, videos, audio, input fields) for the target area — when an item is OFF, the associated shortcut keys are also blocked. | Specialization | link | ||
| Sensitive Information Control | Blocking Sensitive Information Input | Function to detect personal information patterns in user input and block transmission (including generative AI services) | Specialization | link | |
| Screen Security Settings | Lock Screen Settings | Image and Message Customization | Function to customize the image and guidance message displayed on the lock screen | Selection | link |
| Guide Screen Settings | Image and Text Customization | Function to set images and guidance text for error screens such as system errors and session termination. | Selection | link | |
| Screen Marking Settings | Watermark Design Settings | Function to set display information, font, angle, spacing, and transparency of screen marking and provide real-time preview. | Required | link | |
| File Security Policy | File Transfer Policy | Extension · Conditional Control | Function to set differential file upload and download transfer policies by extension, user, and site. | Required | link |
| Clipboard and Print Watermark Control | Function to set clipboard directionality between PC and browser and apply print watermarks. | Specialization | link | ||
| File Management | Storage Management | Storage and Edge Server Configuration | Function to integrate external storage and register/manage Edge servers | Selection | link |
| Viewer and Permission Policy | Download and Access Permission Settings | Function to set viewing, editing, uploading, and downloading permissions by download repository policy and access path. | Selection | link | |
| Authentication and Integration | User Authentication | Authentication Integration | Function to set up AD integrated authentication, SSO integration, OTP, and additional email authentication. | Required | link |
| Provisioning | User Automatic Synchronization | Function to automatically synchronize users and groups by integrating with external systems. | Selection | link | |
| User and Group Management | Account Management | User Registration and Management | Function to individually or batch register users and manage their activation status and passwords. | Required | link |
| Group Management | Group Creation and Policy Application | Function to create and manage units for organization and policy application and manage members | Required | link | |
| Administrator Settings | Role-based permissions | Separation of Administrator Roles and Notifications | Function to refine administrator roles and provide notifications when key activities occur | Required | link |
| License Management | License Assignment | A feature that assigns licenses automatically or manually based on user activation status. | Selection | link | |
| Account Security | Security Policy Configuration | Function to set account security policies such as password rules, change cycles, and automatic logout. | Required | link | |
| System Operation Settings | Menu · PAC · Button Settings | Function to configure the operating environment, such as menu display options, PAC file distribution, and custom URL buttons. | Selection | link | |
| Logs and Monitoring | Log Inquiry | System Log | Function to view user and administrator activity logs, support for backup, archiving, and integrity verification. | Required | link |
| Generative AI Usage Log | Logging the entire content of queries (Input) and responses (Output) from major generative AI services such as ChatGPT, Claude, Gemini, Grok, and Perplexity, with the ability to filter and view based on AI service, user, duration, and conversation content — this can be used to understand AI usage status by user and for auditing information leaks within the company, with support for downloading in CSV format. | Specialization | link | ||
| Log Storage and Integration | Long-term Storage and SIEM Transmission | Store user logs for more than one year according to administrator settings, with features for proof of tamper prevention through backups and transmission to SIEM (Security Information and Event Management). | Specialization | link | |
| Access Monitoring | Connection Status Dashboard | A feature that provides website access status and real-time isolated browser operation status on a dashboard. | Required | link | |
| Connection Quality and Error Management | A feature that measures user-side connection speed and provides an interface for reporting errors. | Selection | link | ||
| System Monitoring | Node Monitoring | Monitoring system resource usage per node in an On-Premise environment | Selection | link |