Skip to main content

Function Specification (Internal → External Access)

※ Last updated: 2026-06-22

This document is a functional specification for cases of securely accessing external internet and SaaS services from an internal work environment.

Common management features such as user, group, license, conditional policy, and authentication settings areSecurity365 Management Center Function Specification DocumentPlease refer to.

RFP Notation Standards

NotationmeaningExplanation
mandatoryCommon Evaluation CriteriaRequired Features in Web Isolation (RBI) Project RFP
specializationDifferentiation ItemsUnique features of SHIELD Gate provide an advantage over competitors — Recommended to add evaluation criteria to the RFP.
SelectionAdditional ItemsFeatures suggested optionally based on customer requirements

User Features

Major CategoryMid-categorysub-categoryDetailed DescriptionRFP notationspec
Isolated BrowsingWeb AccessIsolated Browser AccessIsolation browser access feature that executes web browsing on the server and streams only the screen to neutralize online threats.mandatorylink
Isolated BrowsingWeb AccessURL input fieldProvide an input field where users can directly enter a URL to access.mandatorylink
Isolated BrowsingWeb AccessURL Input Field Search Engine IntegrationA feature that automatically links to the search results page of the configured search engine (Google·Naver·Daum·Nate·Bing) when a search term that is not in URL format is entered in the URL input field.specializationlink
Isolated BrowsingWeb AccessApp AccessFunction to access external SaaS through SHIELDGate and set user-specific access permissionsmandatorylink
Isolated BrowsingBrowser CompatibilityMulti-Browser SupportSupport features for major browsers such as Chrome, Edge, Firefox, and Safarimandatorylink
Isolated BrowsingBrowser CompatibilityAdvanced Web Feature SupportJavaScript interaction, WebGL 3D rendering, translation·zooming·right-clicking and other basic browser features providedmandatorylink
Isolated BrowsingBrowser CompatibilitySelect translation language directlyA feature that allows users to directly select the target language (Korean, English, Japanese, Simplified/Traditional Chinese) from the right-click menu when translating web pages in an isolated browser — the selected language is maintained during the login session.Selectionlink
Isolated BrowsingComplete Isolation ArchitectureDevice Isolation and Code/Data Blocking① Direct communication does not occur between the device browser and the corresponding web server, and ② the web server's script and HTML code are not executed on the device, and ③ cookies, temporary files, etc. are not stored on the device at all, resulting in a completely isolated structure.specializationlink
Isolated BrowsingComplete Isolation ArchitectureHTTPS Single Port Secure CommunicationConnect to the RBI server using standard HTTPS (TCP 443) with a single port and single session without using UDP, and structure for 1:1 transmission without relay servers like TURN — no need for separate firewall port openings or relay infrastructure, ensuring a security level equivalent to or higher than VPN when accessing externally (IAP, etc.)specializationlink
Isolated BrowsingComplete Isolation ArchitectureHigh-Definition Screen StreamingImmediately upon connection, the keyframes are prioritized for transmission to ensure high quality from the initial screen, and in the event of network jitter, the resolution is automatically adjusted to maintain responsiveness instead of interruptions, providing an intelligent screen transmission feature.specializationlink
Isolated BrowsingSecurity Plugin SupportEndpoint Broker TechnologyFunctionality that supports web applications requiring internal communication on PCs, such as banking security programs.specializationlink
Access PermissionAccess Environment-Based PermissionsAccess Environment-Based PermissionsFunction to set app usage permissions based on user location, device, and time conditionsmandatorylink
User Behavior ControlAccess ControlAccess Allow/DenyFunction to allow or block access to target URLs and categories based on conditional policiesmandatorylink
User Behavior ControlAccess ControlAdditional AuthenticationAdditional identity verification feature through email verification code or OTP authentication when access is granted.mandatorylink
User Behavior ControlAccess ControlAdd Authentication for Move URLA feature that requires additional authentication (MFA) when moving to in-app navigable URLs (related URLs) to verify identity before granting access.specializationlink
User Behavior ControlBehavior ControlKeyboard input blockingA feature that blocks keyboard input in the isolation browsermandatorylink
User Behavior ControlBehavior ControlSite Navigation BlockageA feature that blocks page navigation outside the connected domainSelectionlink
User Behavior ControlBehavior ControlURL Exposure ControlA feature to control the visibility of the current access URL in the URL input field based on conditions.Selectionlink
User Behavior ControlBehavior ControlIdle Screen LockA feature that switches to the lock screen after a set idle time to protect the data on the screen.Selectionlink
User Behavior ControlFile Transfer ControlAllow/Block UploadsFunction to Allow or Block File Uploads in Isolated Browsermandatorylink
User Behavior ControlFile Transfer ControlAllow/Block DownloadsFunction to Allow or Block File Downloads in Isolated Browsermandatorylink
User Behavior ControlFile Transfer ControlExtension ControlFunction to control whether to allow by extension when uploading and downloading filesmandatorylink
User Behavior ControlFile Transfer ControlInter-network solution via transmissionFunctionality that supports file upload and download through an existing network connection solution operating in a network isolation environment.specializationlink
User Behavior ControlClipboard ControlBidirectional Clipboard ControlA feature that controls copy/paste direction between the isolated browser and the user PC.mandatorylink
User Behavior ControlSensitive Information ControlBlock Sensitive Information InputFunction to detect personal information patterns in user input and block transmission (including generative AI services)specializationlink
User Behavior ControlSensitive Information ControlGenerative AI Prompt·Response Full LoggingA feature that allows full logging of input prompts and response content when using commercial generative AI.specializationlink
User Behavior ControlInput Prompt FirewallText Input Validation OverlayA feature that displays an overlay window to check the input content (sensitive information, etc.) when text input starts in a sandboxed browser, and then injects it back into the original input flow.specializationlink
User Behavior ControlInput Prompt FirewallFile Attachment Inspection OverlayFunction to display an overlay window when attaching files (drag and drop, file selection, clipboard paste) to inspect and sanitize the files before passing them to the original attachment event.specializationlink
User Behavior ControlPrint ControlPrint Allow/Block and WatermarkFunction to Allow or Block Printing in Isolated Browser — When Allowed, Watermark with User Identifiable Information May Be Appliedmandatorylink
Screen SecuritySecurity ScreenBlocking and Guidance ScreenDisplay a blocking notification screen when a policy is blocked, and provide a notification screen in case of technical issues such as connection errors or session termination.mandatorylink
Screen SecurityScreen MarkingScreen MarkingFunction to display user identification information as a watermark on the screen (automatically inserted during screen capture as well)mandatorylink
File SecurityFile EncryptionEncryption Storage and Key ManagementFunction to encrypt and store files during upload and dispose of the encryption key when deleting files.mandatorylink
File SecurityExtension ControlProcessing by ExtensionFunction to control uploads and downloads according to file extension blocking policymandatorylink
File SecurityMalware Scanning and DisinfectionMalware Scanning and CDRFunction to automatically apply malware scanning and CDR (Content Disarm and Reconstruction) processing during file upload and downloadmandatorylink
File SecuritySensitive Information DetectionSensitive Information Automatic DetectionA feature that automatically detects personal information in files and blocks transmission.mandatorylink
File SecurityGrade-based ControlGrade-based file transfer controlAutomatically control uploads and downloads according to file security levels (C/S/O) and grade rankings, and assign source and destination grades to unclassified files.specializationlink
File SecurityDocument Viewer IntegrationSHIELD Viewer IntegrationFunction to provide read-only preview through SHIELD Viewer when downloading filesmandatorylink
File ManagementStorage IntegrationExternal Storage and Edge ServerIntegration features for external storage such as NAS, OneDrive, Google Drive, and Edge server-based local storageSelectionlink
File ManagementDocument EditingCollaborative EditingMS365·Google Docs·Hancom Web·S3/NAS based document collaborative editing featureSelectionlink
File ManagementDocument EditingRead-only viewRead-only document viewing feature through SHIELD ViewerSelectionlink
File ManagementTeams IntegrationTeams File IntegrationFeatures that support file viewing, uploading, editing, and team-based tab access within the Teams app.Selectionlink
File ManagementFile SharingSharing and Permission ManagementURL link sharing, designating sharers and setting permissions, managing shared foldersSelectionlink
File ManagementExploration · Classification · CollaborationExploration and ClassificationFile and folder search, tagging, bookmarking, pinning important items to the top featureSelectionlink
File ManagementExploration · Classification · CollaborationCollaboration and HistoryDocument comment writing, file change notification subscription, viewing·editing·downloading history confirmation featureSelectionlink
File ManagementDeletion PolicyFile Management for DeletionAutomatically delete files after a certain period of retention and set the retention period for the file folder.Selectionlink
SaaS SupportSaaS CompatibilityMicrosoft 365Features supporting M365 services such as Teams, Office365, Word, PowerPoint, and SSOmandatorylink
SaaS SupportSaaS CompatibilityVideo ConferenceSupport for voice, video, and screen sharing features of video conferencing platforms such as Teams and Zoom.mandatorylink
SaaS SupportSaaS CompatibilityVideo StreamingVideo streaming and DRM protected content playback support featuresspecializationlink
InterfaceUI and MenuHide/Show Top BarA feature that hides or expands the top bar to support full-screen viewing and immersive browsing.Selectionlink
InterfaceUI and MenuHome Menu and GNB ShortcutHome menu usage settings and the feature to display and pin recently accessed apps·URLs in the GNB.Selectionlink
InterfaceUI and MenuCustom URL ButtonAdd a button for external URL calls to the top bar and a feature to pass user information as parameters.Selectionlink
InterfaceUI and MenuURL Bookmark (Favorites)A feature that allows you to save frequently accessed URLs as bookmarks in the isolation browser and reconnect with a single click from the home screen or top bar — supports adding bookmarks in the URL input field, displaying name, URL, and date added, and changing order via drag and drop.Selection

Admin Features

Major CategoryMid-categorysub-categoryDetailed DescriptionRFP notationspec
Isolation Browser ControlAccess Control PolicyPolicy ManagementFunction to create, modify, delete, and manage the priority of access control policies for each member's work system.mandatorylink
Isolation Browser ControlAccess Control PolicyMembers and Conditions SettingsFunction to designate the members subject to policy application and set conditions for location, time, and device.mandatorylink
Isolation Browser ControlAccess Control PolicyAccess to Business SystemFunction to individually set the accessibility of the app menu and URL input field menumandatorylink
Isolation Browser ControlAccess Control PolicyMaximum Tab Count LimitA feature that controls the maximum number of tabs that can be opened simultaneously in an isolated browser.Selectionlink
Isolation Browser ControlSession ManagementReal-time Session MonitoringA feature to view the resource status and tab information of all user sessions currently connected in real-time.mandatorylink
Isolation Browser ControlSession ManagementSession Force TerminationFunction to forcibly terminate the selected session immediately or with a grace period — Input termination reason (required), display countdown warning on user screen, simultaneous termination of all tabs, automatic saving of termination records supportedspecializationlink
Access ControlApp and URL ManagementApp Access SettingsFunction to register apps accessible through SHIELDGate and set user-specific access permissions.mandatorylink
Access ControlApp and URL ManagementURL List · Group ManagementA function to register and manage access control target URLs and group them for use as a unit for policy application.mandatorylink
Access ControlApp and URL ManagementManage Movable URLFunction to register and control movable URLs in a specific SaaSSelectionlink
Access ControlApp and URL ManagementURL·App Security Rating AssignmentA feature that specifies the security level (C/S/O) for the target URL/app to be used as a source criterion for file grade determination.specializationlink
Access ControlApp and URL ManagementAdd Authentication Settings for Move URLFunction to set whether to apply additional authentication (MFA) for movable URLsspecializationlink
Access ControlWeb Category ManagementCategory View·Edit·RollbackFunction to check the category classification of the website and customize it or restore to default.mandatorylink
Access ControlWeb Category ManagementAutomatic ClassificationAutomatically classify and register web categories for new URLs accessed by users — automatic mapping among over 100 standard categories of SHIELDGate, administrators can view classification results and make custom changes.specialization
Access ControlConnection Environment ControlConnection Condition RegistrationA feature to register user access environment conditions (IP, device, time, etc.) and set app access permissions.mandatorylink
Conditional PolicyPolicy ManagementPolicy Creation, Modification, DeletionA feature that supports adding, editing, and deleting conditional policies, adjusting priorities, importing and exporting, and setting expiration dates.mandatorylink
Conditional PolicyPolicy ManagementImporting and Exporting PoliciesExport conditional policies as a JSON (single) or ZIP (multiple) file, and the functionality to import and register backup files.Selectionlink
Conditional PolicyPolicy ManagementPolicy Application Status InquiryFunction to query policies that were actually applied (heating) and not applied by period, sorted by the number of applications and the most recent application date — Excel download supportspecializationlink
Conditional PolicyPolicy ManagementPolicy Status Excel DownloadFunction to download all registered policies or search results as an Excel (.xlsx) file (provided separately from JSON backup)Selectionlink
Conditional PolicyPolicy ManagementBasic Policy SettingsFunction to automatically apply pre-set default values for conditions, execution policies, and isolation security policies when registering new conditional policies — independent default value management by menu, support for initializing existing registered policies to default values.mandatorylink
Conditional PolicyPolicy ManagementUnused Policy Automatic DeactivationA feature that automatically deactivates conditional policies that have not been applied (heated) during the period set by the administrator and records the reason and timing of deactivation — helps prevent unnecessary policy accumulation and supports audit tracking.specializationlink
Conditional PolicyPolicy ManagementPolicy Integrated SearchIntegrated search function to search policies by various criteria such as member (name, email, group), target site, conditions, usage status, etc. from the list of conditional policies — supports priority change while maintaining search filter state.mandatory
Conditional PolicyTarget ApplicationMember SettingsFunction to designate policy application members and separately set exclusion membersmandatorylink
Conditional PolicyTarget ApplicationTarget Site SettingsFunction to select the target of policy application among the entire site, registered sites/groups, and web categoriesmandatorylink
Conditional PolicyConnection ConditionsLocation, Time, Device ConditionsA feature that sets the policy application environment by combining location, time, and device conditions.mandatorylink
Conditional PolicyAccess PolicyAccess Allow/Deny and Additional AuthenticationFunction to set URL access blocking or allowing and configure email·OTP additional authenticationmandatorylink
Conditional PolicyBehavior ControlKeyboard · Site Navigation · URL ExposureKeyboard input control, blocking movement outside the domain, and setting the exposure of URLs based on conditions.mandatorylink
Conditional PolicyBehavior ControlFile Upload and Download ControlFunction to set the allowed status for file upload and download, as well as extensions and storage based on conditions.mandatorylink
Conditional PolicyBehavior ControlGrade-based file transfer controlA feature that automatically enforces uploads and downloads based on file grades and grade rankings, and sets the method for grade assignment.specializationlink
Conditional PolicyBehavior ControlClipboard · Screen LockFunction to Control Clipboard Direction Between Isolated Browser and PC and Set Idle Lock Screenmandatorylink
Conditional PolicyBehavior ControlScreen Marking · Printing WatermarkFunction to set whether to apply screen marking and print watermark by conditional policymandatorylink
Conditional PolicyBehavior ControlContext Menu ControlFunction to control the right-click menu of the RBI browser on an item-by-item basis (page background, text, link, image, video, audio, input field) ON/OFF — When an item is OFF, the associated shortcut keys are also blocked.specializationlink
Conditional PolicySensitive Information ControlBlock Sensitive Information InputFunction to detect personal information patterns in user input and block transmission (including generative AI services)specializationlink
Screen Security SettingsLock Screen SettingsImage and Message CustomizationFunction to customize the image and guidance message displayed on the lock screenSelectionlink
Screen Security SettingsGuide Screen SettingsImage and Text CustomizationFunction to set images and guidance text for error screens such as system errors and session termination.Selectionlink
Screen Security SettingsScreen Marking SettingsWatermark Design SettingsFunction to set display information of screen marking: font, angle, spacing, transparency, and provide real-time preview.mandatorylink
File Security PolicyFile Transfer PolicyExtension · Conditional ControlA feature that allows differential setting of file upload and download transfer policies by extension, user, and site.mandatorylink
File Security PolicyFile Transfer PolicyClipboard and Print Watermark ControlFunction to set the clipboard directionality between PC and browser and apply print watermarksspecializationlink
File ManagementStorage ManagementStorage and Edge Server ConfigurationFunction to integrate external storage and register/manage Edge serversSelectionlink
File ManagementViewer·Permission PolicyDownload and Access Permission SettingsFunction to set viewing, editing, uploading, and downloading permissions by download repository policy and access path.Selectionlink
Authentication and IntegrationUser AuthenticationAuthentication IntegrationFunction to set up AD integrated authentication, SSO linkage, OTP, and additional email authenticationmandatorylink
Authentication and IntegrationUser AuthenticationBiometric Authentication (Windows Hello)A feature that supports login and additional authentication using biometric information such as fingerprints and facial recognition based on Windows Hello.specialization
Authentication and IntegrationProvisioningUser Automatic SynchronizationFunction to automatically synchronize users and groups by integrating with external systemsSelectionlink
User·Group ManagementAccount ManagementUser Registration and ManagementFunction to register users individually or in bulk and manage activation status and passwordsmandatorylink
User·Group ManagementGroup ManagementGroup Creation and Policy ApplicationFunction to create and manage units for organization and policy application, and manage members.mandatorylink
Administrator SettingsRole-based permissionsSeparation of Administrator Roles and NotificationsFunction to refine administrator roles and provide notifications when key activities occurmandatorylink
Administrator SettingsLicense ManagementLicense AssignmentA feature that assigns licenses automatically or manually based on user activation status.Selectionlink
Administrator SettingsAccount SecuritySecurity Policy SettingsFunction to set account security policies such as password rules, change cycles, automatic logout, etc.mandatorylink
Administrator SettingsSystem Operation SettingsMenu·PAC·Button SettingsFunction to configure the operating environment, such as menu display options, PAC file distribution, and custom URL buttons.Selection
Logs and MonitoringLog InquirySystem LogFunction to view user and administrator activity logs, support for backup, archiving, and integrity verification.mandatorylink
Logs and MonitoringLog InquiryGenerative AI Usage LogLogging the entire content of queries (Input) and responses (Output) from major generative AI services such as ChatGPT, Claude, Gemini, Grok, and Perplexity, with the ability to filter and retrieve based on AI service, user, duration, and conversation content — useful for understanding AI usage status by user and for auditing information leaks within the company, with support for downloading in CSV format.specializationlink
Logs and MonitoringLog Storage and IntegrationLong-term Storage and SIEM TransmissionStore user logs for more than 1 year according to administrator settings, and provide proof of tampering prevention through backups and transmission to SIEM (Security Information and Event Management) functionality.specializationlink
Logs and MonitoringAccess MonitoringConnection Status DashboardA feature that provides website access status and real-time isolated browser operation status on a dashboard.mandatorylink
Logs and MonitoringAccess MonitoringConnection Quality and Error ManagementFunction to measure user-side access speed and provide a reporting interface in case of errorsSelectionlink
Logs and MonitoringSystem MonitoringNode MonitoringFunction to monitor system resource usage per node in an On-Premise environmentSelectionlink