Function Specification (Internal → External Access)
※ Last updated: 2026-06-08
This document is a functional specification for cases of securely accessing external internet and SaaS services from an internal work environment.
Common management features such as user, group, license, conditional policy, and authentication settings areSecurity365 Management Center Functional Specification DocumentPlease refer to.
RFP Notation Standards
| Notation | meaning | Explanation |
|---|---|---|
| Essential | Common Evaluation Criteria | Required Features Typically Requested in Web Isolation (RBI) Business RFP |
| specialization | Differentiation Items | Unique feature of SHIELD Gate that provides an advantage over competitors — Recommended to add evaluation criteria to the RFP. |
| Selection | Additional Items | Features proposed optionally based on customer requirements |
User Features
| Major Category | Mid-category | sub-category | Detailed Description | RFP notation | spec |
|---|---|---|---|---|---|
| Isolated Browsing | Web Access | Isolated Browser Access | Isolation browser access feature that executes web browsing on the server and streams only the screen to neutralize online threats. | Essential | link |
| URL input field | Provide an input field where users can enter a URL to access. | Essential | link | ||
| URL Input Field Search Engine Integration | A feature that automatically links to the search results page of the configured search engine (Google·Naver·Daum·Nate·Bing) when a search term that is not in URL format is entered in the URL input field. | specialization | link | ||
| App Access | The feature to access external SaaS through SHIELDGate and set user-specific access permissions. | Essential | link | ||
| Browser Compatibility | Multi-Browser Support | Support features for major browsers such as Chrome, Edge, Firefox, and Safari | Essential | link | |
| Advanced Web Feature Support | JavaScript interaction, WebGL 3D rendering, basic browser features such as translation, zooming, right-clicking, etc. | Essential | link | ||
| Select translation language directly | A feature that allows users to directly select the target language (Korean, English, Japanese, Simplified/Traditional Chinese) from the right-click menu when translating web pages in an isolated browser — the selected language is maintained during the login session. | Selection | link | ||
| Complete Isolation Architecture | Device Isolation and Code/Data Blocking | ① Direct communication does not occur between the device browser and the corresponding web server, and ② the web server's script and HTML code are not executed on the device, and ③ cookies, temporary files, etc. are not stored on the device at all, resulting in a completely isolated structure. | specialization | link | |
| HTTPS Single Port Secure Communication | Connect to the RBI server using standard HTTPS (TCP 443) with a single port and single session without using UDP, and structure for 1:1 transmission without relay servers like TURN — no need for separate firewall port openings or relay infrastructure, ensuring a security level equivalent to or higher than VPN when accessing externally (IAP, etc.) | specialization | link | ||
| High-Definition Screen Streaming | Immediately upon connection, the keyframes are prioritized for transmission to ensure high quality from the initial screen, and in the event of network jitter, the resolution is automatically adjusted to maintain responsiveness instead of interruptions, providing an intelligent screen transmission feature. | specialization | link | ||
| Security Plugin Support | Endpoint Broker Technology | Functionality that supports web applications requiring internal communication on PCs, such as banking security programs. | specialization | link | |
| Access Permission | Access Environment-Based Permissions | Access Environment-Based Permissions | Function to set app usage permissions based on user location, device, and time conditions | Essential | link |
| User Behavior Control | Access Control | Access Allow/Deny | A feature that allows or blocks access to target URLs and categories according to conditional policies. | Essential | link |
| Additional Authentication | Additional identity verification feature through email verification code or OTP verification when access is granted | Essential | link | ||
| Behavior Control | Keyboard input blocking | Function to Block Keyboard Input in Isolated Browser | Essential | link | |
| Site Access Block | A feature that blocks page navigation outside the connected domain | Selection | link | ||
| URL Exposure Control | A feature that controls the visibility of the current access URL in the URL input field based on conditions. | Selection | link | ||
| Idle Screen Lock | A feature that switches to the lock screen after a set idle time to protect the data on the screen. | Selection | link | ||
| File Transfer Control | Allow/Block Upload | Function to Allow or Block File Uploads in Isolated Browser | Essential | link | |
| Allow/Block Downloads | Feature to Allow or Block File Downloads in Isolated Browser | Essential | link | ||
| Extension Control | Function to Control Allowance by Extension for File Upload and Download | Essential | link | ||
| Inter-network solution via transmission | Functionality to support file upload and download via an existing network connection solution operating in a network separation environment. | specialization | link | ||
| Clipboard Control | Bidirectional Clipboard Control | Function to control copy/paste direction between the isolated browser and the user PC | Essential | link | |
| Sensitive Information Control | Block Sensitive Information Input | Function to detect personal information patterns in user input and block transmission (including generative AI services) | specialization | link | |
| Generative AI Prompt·Response Full Logging | A feature that allows for complete logging of input prompts and response content when using commercial generative AI. | specialization | link | ||
| Print Control | Print Allow/Block and Watermark | Function to Allow or Block Printing in Isolated Browser — When Allowed, Watermark with User Identifiable Information May Be Applied | Essential | link | |
| Screen Security | Security Screen | Blocking and Guidance Screen | Display a blocking notification screen when a policy is blocked, and provide a notification screen in case of technical issues such as connection errors or session termination. | Essential | link |
| Screen Marking | Screen Marking | Function to display user identification information as a watermark on the screen (automatically inserted during screen capture as well) | Essential | link | |
| File Security | File Encryption | Encryption Storage and Key Management | Function to encrypt and store files during upload and dispose of the encryption key when deleting files. | Essential | link |
| Extension Control | Processing by Extension | Function to control uploads and downloads according to file extension blocking policy | Essential | link | |
| Malware Scanning and Neutralization | Malware Scanning and CDR | A feature that automatically applies malware scanning and CDR (Content Disarm and Reconstruction) processing during file upload and download. | Essential | link | |
| Sensitive Information Detection | Automatic Sensitive Information Detection | A feature that automatically detects personal information in files and blocks transmission. | Essential | link | |
| Document Viewer Integration | SHIELD Viewer Integration | Function to provide read-only preview through SHIELD Viewer when downloading files | Essential | link | |
| File Management | Storage Integration | External Storage and Edge Server | Integration features for external storage such as NAS, OneDrive, Google Drive, and Edge server-based local storage | Selection | link |
| Document Editing | Collaborative Editing | MS365·Google Docs·Hancom Web·S3/NAS based document collaboration feature | Selection | link | |
| Read-Only Access | Read-only document viewing feature through SHIELD Viewer | Selection | link | ||
| Teams Integration | Teams File Integration | Functionality that supports file viewing, uploading, editing, and team-based tab access within the Teams app. | Selection | link | |
| File Sharing | Sharing and Permission Management | URL link sharing, specifying the sharer, and permission settings, managing shared folders | Selection | link | |
| Exploration · Classification · Collaboration | Exploration and Classification | File and Folder Search, Tagging, Bookmarking, Pinning Important Items to the Top Function | Selection | link | |
| Collaboration and History | Document comment writing, file change notification subscription, viewing, editing, and downloading history confirmation feature | Selection | link | ||
| Deletion Policy | Delete File Management | Automatically delete files after retaining them for a certain period and set the retention period for the file cabinet. | Selection | link | |
| SaaS Support | SaaS Compatibility | Microsoft 365 | Features supporting M365 services such as Teams, Office365, Word, PowerPoint, and SSO | Essential | link |
| Video Conference | Support for voice, video, and screen sharing features of video conferencing platforms such as Teams, Zoom, etc. | Essential | link | ||
| Video Streaming | Video streaming and DRM protected content playback support features | specialization | link | ||
| Interface | UI and Menu | Hide/Show Top Bar | A feature that hides or expands the top bar to support full-screen viewing and immersive browsing. | Selection | link |
| Home Menu and GNB Shortcut | Setting the home menu usage and displaying/fixing recently accessed apps·URLs in the GNB | Selection | link | ||
| Custom URL Button | Add a button for calling external URLs in the top bar and a feature to pass user information as parameters. | Selection | link | ||
| URL bookmark (favorites) | A feature to save frequently accessed URLs as bookmarks in the isolation browser and reconnect with a single click from the home screen or top bar — supports adding bookmarks from the URL input field, displaying name, URL, and date added, and changing order via drag and drop. | Selection | link |
Admin Features
| Major Category | Mid-category | sub-category | Detailed Description | RFP notation | spec |
|---|---|---|---|---|---|
| Isolation Browser Control | Access Control Policy | Policy Management | Function to create, modify, delete, and manage the priority of access control policies for each member's work system. | Essential | link |
| Members and Conditions Settings | Function to designate the members subject to policy application and set conditions for location, time, and device. | Essential | link | ||
| Allow access to the business system | Function to individually set the accessibility of the app menu and URL input field menu | Essential | link | ||
| Maximum Tab Count Limit | A feature that controls the maximum number of tabs that can be opened simultaneously in an isolated browser. | Selection | link | ||
| Session Management | Real-time session monitoring | A feature to view the resource status and tab information of all user sessions currently connected in real-time. | Essential | link | |
| Session Forced Termination | Function to forcefully terminate the selected session immediately or with a delay — input for termination reason (required), countdown warning displayed on user screen, simultaneous termination of all tabs, automatic saving of termination records supported | specialization | link | ||
| Access Control | App and URL Management | App Access Settings | Function to register apps accessible through SHIELDGate and set user-specific access permissions | Essential | link |
| URL List · Group Management | A feature that registers and manages access control target URLs and groups them for use as a unit for policy application. | Essential | link | ||
| Manage Movable URL | Function to register and control movable URLs in a specific SaaS | Selection | link | ||
| Web Category Management | Category View·Edit·Rollback | Function to check the category classification of the website and either customize it or restore it to default. | Essential | link | |
| Automatic Classification | Automatically classify web categories for new URLs accessed by users and register them in the database — automatic mapping among over 100 standard categories of SHIELDGate, with the ability for administrators to view classification results and make custom changes. | specialization | link | ||
| Connection Environment Control | Connection Condition Registration | Function to register user access environment conditions (IP, device, time, etc.) and set app access permissions. | Essential | link | |
| Conditional Policy | Policy Management | Policy Creation, Modification, Deletion | Features that support adding, editing, and deleting conditional policies, adjusting priorities, importing and exporting, and setting expiration dates. | Essential | link |
| Importing and Exporting Policies | Export conditional policies as JSON (single) or ZIP (multiple) files, and the functionality to import and register backup files. | Selection | link | ||
| Policy Application Status Inquiry | Function to query policies that were actually applied (heating) and those that were not applied by period, sorted by the number of applications and the most recent application date — Excel download support | specialization | link | ||
| Policy Status Excel Download | Function to download all registered policies or search results as an Excel (.xlsx) file (provided separately from JSON backup) | Selection | link | ||
| Basic Policy Settings | Function to automatically apply pre-set defaults for condition, execution policy, and isolation security policy when registering a new conditional policy — independent default management by menu, support for initializing existing registered policies to defaults. | Essential | link | ||
| Unused Policy Automatic Deactivation | A feature that automatically deactivates conditional policies that have not been applied (heated) during the standard period set by the administrator and records the reason and timing of deactivation — helps prevent unnecessary policy accumulation and supports audit tracking. | specialization | link | ||
| Policy Integrated Search | Integrated search function to search policies by various criteria such as member (name, email, group), target site, conditions, and usage status in the conditional policy list — supports priority change while maintaining search filter state. | Essential | link | ||
| Target Application | Member Settings | Function to specify policy application members and separately set exclusion members | Essential | link | |
| Target Site Settings | Function to select the target of policy application among the entire site, registered sites/groups, and web categories. | Essential | link | ||
| Connection Conditions | Location, Time, Device Conditions | A feature that sets the policy application environment by combining location, time, and device conditions. | Essential | link | |
| Access Policy | Access Allow/Deny and Additional Authentication | Function to set URL access blocking or allowing and configure email·OTP additional authentication | Essential | link | |
| Behavior Control | Keyboard · Site Navigation · URL Exposure | Function to control keyboard input, block external domain navigation, and set URL exposure based on conditions. | Essential | link | |
| File Upload and Download Control | Function to set whether file upload and download are allowed, along with conditions for file extensions and storage. | Essential | link | ||
| Clipboard · Screen Lock | Function to Control Clipboard Direction Between Isolated Browser and PC and Set Idle Lock Screen | Essential | link | ||
| Screen Marking · Printing Watermark | Function to set the application of screen marking and print watermark by conditional policy | Essential | link | ||
| Context Menu Control | Function to control the right-click menu of the RBI browser on an item-by-item ON/OFF basis for target areas (page background, text, links, images, videos, audio, input fields) — when an item is OFF, the associated shortcut keys are also blocked. | specialization | link | ||
| Sensitive Information Control | Block Sensitive Information Input | Block Sensitive Information Input | Function to detect personal information patterns in user input and block transmission (including generative AI services) | specialization | link |
| Screen Security Settings | Lock Screen Settings | Image and Message Customization | Function to customize the image and guidance message displayed on the lock screen | Selection | link |
| Guide Screen Settings | Image and Text Customization | Function to set the images and guidance text for the error screen, session termination, etc. | Selection | link | |
| Screen Marking Settings | Watermark Design Settings | Function to set display information of screen marking, including font, angle, spacing, and transparency, and provide real-time preview. | Essential | link | |
| File Security Policy | File Transfer Policy | Extension · Conditional Control | A feature that allows differential settings for file upload and download transfer policies by extension, user, and site. | Essential | link |
| Clipboard and Print Watermark Control | Function to set clipboard directionality between PC and browser and apply print watermark. | specialization | link | ||
| File Management | Storage Management | Storage and Edge Server Configuration | Function to integrate external storage and register/manage Edge servers | Selection | link |
| Viewer·Permission Policy | Download and Access Permission Settings | Function to set viewing, editing, uploading, and downloading permissions by download repository policy and access path | Selection | link | |
| Authentication and Integration | User Authentication | Authentication Integration | Function to set up AD integrated authentication, SSO integration, OTP, and additional email authentication. | Essential | link |
| Provisioning | User Automatic Synchronization | Function to automatically synchronize users and groups by integrating with external systems | Selection | link | |
| User·Group Management | Account Management | User Registration and Management | Function to individually or batch register users and manage activation status and passwords | Essential | link |
| Group Management | Group Creation and Policy Application | Function to create and manage units for organization and policy application and manage members | Essential | link | |
| Administrator Settings | Role-based permissions | Separation of Administrator Roles and Notifications | Function to refine administrator roles and provide notifications for key activities | Essential | link |
| License Management | License Assignment | A feature that automatically or manually assigns licenses based on user activation status. | Selection | link | |
| Account Security | Security Policy Settings | Function to set account security policies such as password rules, change cycles, and automatic logout. | Essential | link | |
| System Operation Settings | Menu·PAC·Button Settings | Function to configure the operating environment, such as menu display options, PAC file distribution, custom URL buttons, etc. | Selection | link | |
| Logs and Monitoring | Log Inquiry | System Log | Function to view user and administrator activity logs, support for backup, archiving, and integrity verification. | Essential | link |
| Generative AI Usage Log | Logging the entire content of queries (Input) and responses (Output) from major generative AI services such as ChatGPT, Claude, Gemini, Grok, and Perplexity, with the ability to filter and view based on AI service, user, duration, and conversation content — can be used to understand AI usage status by user and for auditing information leaks within the company, and supports downloading in CSV format. | specialization | link | ||
| Log Storage and Integration | Long-term Storage and SIEM Transmission | Store user logs for more than 1 year according to administrator settings, and provide proof of tampering prevention through backups and transmission to SIEM (Security Information and Event Management) functionality. | specialization | link | |
| Access Monitoring | Connection Status Dashboard | Function to provide website access status and real-time isolation browser operation status on a dashboard | Essential | link | |
| Connection Quality and Error Management | Function to measure user-side access speed and provide a reporting interface in case of errors | Selection | link | ||
| System Monitoring | Node Monitoring | Function to monitor system resource usage per node in an On-Premise environment | Selection | link |