Function Specification (Complete)
※ Last updated: 2026-04-02
This document is a comprehensive functional specification that covers the two access cases of SHIELD Gate.
- External → Internal: A case for securely accessing internal work environments from outside (remote work, BYOD, etc.)
- Internal → External: A case for securely accessing the external internet and SaaS services from an internal work environment
For common management features such as user, group, license, conditional policy, and authentication settings, please refer to the Security365 Management Center Functional Specification Document.
RFP Notation Standards
| Notation | Meaning | Description |
|---|---|---|
| Required | Common Evaluation Criteria | Commonly Required Features in the Web Isolation (RBI) Project RFP |
| Specialization | Differentiation Items | Unique feature of SHIELD Gate that provides an advantage over competitors; recommended for addition to the RFP evaluation criteria |
| Selection | Additional Items | Features offered optionally based on customer requirements |
User Features
| Major Category | Mid-category | Subcategory | Detailed Description | RFP Notation | Specifications |
|---|---|---|---|---|---|
| Isolated Browsing | Web Access | Isolated Browser Access | Isolated browser access that executes web browsing on the server and streams only the screen, neutralizing online threats. | Required | link |
| Isolated Browsing | Web Access | URL Input Field | Provides an input field where users can directly enter a URL to access. | Required | link |
| Isolated Browsing | Web Access | URL Input Field Search Engine Integration | Automatically opens the search results page of the configured search engine (Google, Naver, Daum, Nate, Bing) when a search term that is not in URL format is entered in the URL input field. | Specialization | link |
| Isolated Browsing | Web Access | App Access (Internal Work App) | Access to internal business apps through SHIELD Gate, with user-specific access permissions. | Required | link |
| Isolated Browsing | Web Access | App Access (External SaaS) | Access to external SaaS through SHIELD Gate, with user-specific access permissions. | Required | link |
| Isolated Browsing | Browser Compatibility | Multi-Browser Support | Support for major browsers such as Chrome, Edge, Firefox, and Safari. | Required | link |
| Isolated Browsing | Browser Compatibility | Support for Advanced Web Features | JavaScript interaction, WebGL 3D rendering, and basic browser features such as translation, zooming, and right-clicking. | Required | link |
| Isolated Browsing | Fully Isolated Architecture | Device Isolation and Code/Data Blocking | A completely isolated structure in which ① there is no direct communication between the device browser and the corresponding web server, ② the web server's script and HTML code are not executed on the device, and ③ cookies, temporary files, etc. are not stored on the device at all. | Specialization | link |
| Isolated Browsing | Fully Isolated Architecture | HTTPS Single Port Secure Communication | Connects to the RBI server over standard HTTPS (TCP 443) with a single port and a single session, without using UDP, and transmits 1:1 without relay servers such as TURN. No separate firewall port openings or relay infrastructure are needed, ensuring a security level equivalent to or higher than VPN for external access (such as IAP). | Specialization | link |
| Isolated Browsing | Fully Isolated Architecture | High-Quality Screen Streaming | An intelligent screen transmission feature that prioritizes keyframes immediately upon connection to ensure high quality from the initial screen, and automatically adjusts the resolution under network jitter to maintain responsiveness instead of interruptions. | Specialization | link |
| Isolated Browsing | Security Plugin Support | Endpoint Broker Technology | Supports web applications that require internal communication on the PC, such as banking security programs. | Specialization | link |
| Isolated Browsing | Access Permissions | Access Environment-Based Permissions | Sets app and desktop usage permissions based on user location, device, and time conditions. | Required | link |
| User Behavior Control | Access Control | Access Allow/Deny | Allows or blocks access to target URLs and categories based on conditional policies. | Required | link |
| User Behavior Control | Access Control | Additional Authentication | Additional identity verification through an email verification code or OTP authentication when access is granted. | Required | link |
| User Behavior Control | Behavior Control | Keyboard Input Blocking | Blocks keyboard input in the isolated browser. | Required | link |
| User Behavior Control | Behavior Control | Site Navigation Blockage | Blocks page navigation to external domains. | Selection | link |
| User Behavior Control | Behavior Control | URL Exposure Control | Controls the visibility of the current access URL in the URL input field based on conditions. | Selection | link |
| User Behavior Control | Behavior Control | Idle Screen Lock | Switches to the lock screen after a set idle time to protect the data on the screen. | Selection | link |
| User Behavior Control | File Transfer Control | Allow/Block Uploads | Allows or blocks file uploads in the isolated browser. | Required | link |
| User Behavior Control | File Transfer Control | Allow/Block Downloads | Allows or blocks file downloads in the isolated browser. | Required | link |
| User Behavior Control | File Transfer Control | Extension Control | Controls whether file uploads and downloads are allowed, by extension. | Required | link |
| User Behavior Control | File Transfer Control | Transmission via the Interconnection Solution | Supports file upload and download via an existing network interconnection solution operating in a network-separated environment. | Specialization | link |
| User Behavior Control | Clipboard Control | Bidirectional Clipboard Control | Controls the copy/paste direction between the isolated browser and the user PC. | Required | link |
| User Behavior Control | Sensitive Information Control | Sensitive Information Input Blockage | Detects personal information patterns in user input and blocks transmission (including to generative AI services). | Specialization | link |
| User Behavior Control | Sensitive Information Control | Complete Logging of Generative AI Prompts and Responses | Complete logging of input prompts and response content when commercial generative AI is used. | Specialization | link |
| User Behavior Control | Print Control | Print Allow/Block and Watermark | Allows or blocks printing in the isolated browser; when printing is allowed, a watermark with user-identifiable information may be applied. | Required | link |
| Screen Security | Security Screen | Block/Guide Screen | Displays a blocking notification screen when a policy blocks access, and a guide screen for technical issues such as connection errors or session termination. | Required | link |
| Screen Security | Screen Marking | Screen Marking | Displays user identification information as a watermark on the screen (also inserted automatically during screen capture). | Required | link |
| Remote Access | Personal Desktop | Desktop Registration and Remote Access | Registers a personal desktop and provides remote access to it via a web browser; supports access condition policies and Wake-on-LAN (WOL). | Specialization | link |
| Remote Access | Personal Desktop | Recent Access Desktop Display | Allows direct access to the last used desktop from the GNB. | Selection | link |
| Remote Access | Server Remote Console | Web-Based Server Access | Remote server access based on the SSH, VNC, and Telnet protocols, with support for command execution and file transfer. | Specialization | link |
| File Security | File Encryption | Encryption Storage and Key Management | Encrypts and stores files during upload and disposes of the encryption key upon file deletion. | Required | link |
| File Security | Extension Control | Processing by Extension | Controls uploads and downloads according to the file extension blocking policy. | Required | link |
| File Security | Malware Scanning and Disinfection | Malware Scanning and CDR | Automatically applies malware scanning and CDR (Content Disarm and Reconstruction) processing during file upload and download. | Required | link |
| File Security | Sensitive Information Detection | Automatic Sensitive Information Detection | Automatically detects personal information within files and blocks transmission. | Required | link |
| File Security | Document Viewer Integration | SHIELD Viewer Integration | Provides a read-only preview through SHIELD Viewer when files are downloaded. | Required | link |
| File Management | Storage Integration | External Storage and Edge Server | Integration with external storage such as NAS, OneDrive, and Google Drive, and with Edge server-based local storage. | Selection | link |
| File Management | Document Editing | Collaborative Editing | Document collaboration based on MS365, Google Docs, Hancom Web, and S3/NAS. | Selection | link |
| File Management | Document Editing | Read-Only Viewing | Read-only document viewing through SHIELD Viewer. | Selection | link |
| File Management | Teams Integration | Teams File Integration | Supports file viewing, uploading, editing, and team-based tab access within the Teams app. | Selection | link |
| File Management | File Sharing | Sharing and Permission Management | URL link sharing, designating sharers, permission settings, and shared folder management. | Selection | link |
| File Management | Exploration·Classification·Collaboration | Exploration and Classification | File and folder search, tagging, bookmarking, and pinning important items to the top. | Selection | link |
| File Management | Exploration·Classification·Collaboration | Collaboration and History | Document comments, file change notification subscriptions, and review of viewing, editing, and download history. | Selection | link |
| File Management | Deletion Policy | Deleted File Management | Automatically deletes files after retaining them for a certain period and allows setting the retention period for the file storage. | Selection | link |
| SaaS Support | SaaS Compatibility | Microsoft 365 | Features supporting M365 services such as Teams, Office365, Word, PowerPoint, and SSO. | Required | link |
| SaaS Support | SaaS Compatibility | Video Conference | Support for audio, video, and screen sharing features of video conferencing platforms such as Teams and Zoom. | Required | link |
| SaaS Support | SaaS Compatibility | Video Streaming | Support for video streaming and playback of DRM-protected content. | Specialization | link |
| Interface | UI and Menu | Hide/Show Top Bar | Hides or expands the top bar to support full-screen viewing and immersive browsing. | Selection | link |
| Interface | UI and Menu | Home Menu and GNB Shortcuts | Sets whether the Home menu is used and displays or pins recently accessed apps and URLs in the GNB. | Selection | link |
| Interface | UI and Menu | Custom URL Button | Adds a button to the top bar that calls an external URL and passes user information as parameters. | Selection | link |
Admin Features
| Major Category | Mid-category | Subcategory | Detailed Description | RFP Notation | Specifications |
|---|---|---|---|---|---|
| Isolated Browser Control | Access Control Policy | Policy Management | Function to create, modify, and delete access control policies for each member's work system and manage their priority. | Required | link |
| Isolated Browser Control | Access Control Policy | Member and Condition Settings | Function to designate the members a policy applies to and set conditions for location, time, and device. | Required | link |
| Isolated Browser Control | Access Control Policy | Access to Business System | Function to individually set the accessibility of the app menu and the URL input field menu. | Required | link |
| Isolated Browser Control | Access Control Policy | Maximum Tab Count Limit | Controls the maximum number of tabs that can be open simultaneously in an isolated browser. | Selection | link |
| Isolated Browser Control | Session Management | Real-time Session Monitoring | Real-time view of the resource status and tab information of all currently connected user sessions. | Required | link |
| Isolated Browser Control | Session Management | Session Force Termination | Function to forcefully terminate the selected session immediately or after a delay. Requires a termination reason (mandatory), displays a countdown warning on the user's screen, terminates all tabs simultaneously, and supports automatic saving of termination records. | Specialization | link |
| Access Control | App and URL Management | App Access Settings | Function to register apps accessible through SHIELD Gate and set user-specific access permissions. | Required | link |
| Access Control | App and URL Management | URL List · Group Management | Registers and manages target URLs for access control and groups them for use as a unit of policy application. | Required | link |
| Access Control | App and URL Management | Manage Movable URLs | Function to register and control movable URLs within a specific SaaS. | Selection | link |
| Access Control | Web Category Management | Category View·Edit·Rollback | Function to check a website's category classification and customize it or restore the default settings. | Required | link |
| Access Control | Connection Environment Control | Registration of Access Conditions | Registers user access environment conditions (IP, device, time, etc.) and sets app and desktop access permissions. | Required | link |
| Conditional Policy | Policy Management | Policy Creation, Modification, Deletion | Function to add, edit, and delete conditional policies, adjust priorities, import and export them, and set expiration dates. | Required | link |
| Conditional Policy | Policy Management | Importing and Exporting Policies | Function to export conditional policies as a JSON (single) or ZIP (multiple) file, and to import and register backup files. | Selection | link |
| Conditional Policy | Policy Management | Policy Application Status Inquiry | Function to query, by period, the policies that were actually applied (hit) and those that were not, sorted by number of applications and most recent application date; supports Excel download. | Specialization | link |
| Conditional Policy | Policy Management | Download Policy Status Excel | Downloads all registered policies or search results as an Excel (.xlsx) file (provided separately from the JSON backup). | Selection | link |
| Conditional Policy | Applicable Targets | Member Settings | Function to designate the members a policy applies to and separately set excluded members. | Required | link |
| Conditional Policy | Applicable Targets | Target Site Settings | Function to select the policy target from the entire site, registered sites/groups, and web categories. | Required | link |
| Conditional Policy | Connection Conditions | Location, Time, Device Conditions | Sets the environment in which a policy applies by combining location, time, and device conditions. | Required | link |
| Conditional Policy | Access Policy | Access Allow/Deny and Additional Authentication | Function to block or allow URL access and configure additional email and OTP authentication. | Required | link |
| Conditional Policy | Behavior Control | Keyboard · Site Navigation · URL Exposure | Function to control keyboard input, block navigation outside the domain, and set URL exposure based on conditions. | Required | link |
| Conditional Policy | Behavior Control | File Upload and Download Control | Function to set whether file upload and download are allowed, along with conditions for file extensions and storage. | Required | link |
| Conditional Policy | Behavior Control | Clipboard · Screen Lock | Function to control the clipboard direction between the isolated browser and the PC and set the idle lock screen. | Required | link |
| Conditional Policy | Behavior Control | Screen Marking · Printing Watermark | Function to set, per conditional policy, whether screen marking and the print watermark are applied. | Required | link |
| Conditional Policy | Behavior Control | Context Menu Control | Function to turn items of the RBI browser's right-click menu ON or OFF individually for each target area (page background, text, links, images, videos, audio, input fields); when an item is OFF, the associated shortcut keys are also blocked. | Specialization | link |
| Conditional Policy | Sensitive Information Control | Sensitive Information Input Blockage | Function to detect personal information patterns in user input and block transmission (including to generative AI services). | Specialization | link |
| Screen Security Settings | Lock Screen Settings | Image and Message Customization | Function to customize the image and guidance message displayed on the lock screen. | Selection | link |
| Screen Security Settings | Guide Screen Settings | Image and Text Customization | Function to set images and guidance text for error screens such as system errors and session termination. | Selection | link |
| Screen Security Settings | Screen Marking Settings | Watermark Design Settings | Function to set display information for screen marking, including font, angle, spacing, and transparency, and provide real-time preview. | Required | link |
| File Security Policy | File Transfer Policy | Extension · Conditional Control | Function to set differentiated file upload and download policies by extension, user, and site. | Required | link |
| File Security Policy | File Transfer Policy | Clipboard and Print Watermark Control | Function to set the clipboard direction between PC and browser and apply the print watermark. | Specialization | link |
| Desktop and Console Management | Personal Desktop | Access Policy and Status | Function to set and register access condition policies for personal desktops and check Wake-on-LAN (WOL) usage status. | Selection | link |
| Desktop and Console Management | Server Remote Console | Server Registration and Access Control | Function to register target servers for SSH, VNC, and Telnet and set user-specific access permissions and feature policies. | Selection | link |
| File Management | Storage Management | Storage and Edge Server Configuration | Function for integrating external storage and registering and managing Edge servers. | Selection | link |
| File Management | Viewer and Permission Policy | Download and Access Permission Settings | Function to set viewing, editing, uploading, and downloading permissions by download repository policy and access path. | Selection | link |
| Authentication and Integration | User Authentication | Authentication Integration | Function to set up AD integrated authentication, SSO integration, OTP, and additional email authentication. | Required | link |
| Authentication and Integration | Provisioning | User Automatic Synchronization | Function to automatically synchronize users and groups by integrating with external systems. | Selection | link |
| User and Group Management | Account Management | User Registration and Management | Function to register users individually or in batches and manage their activation status and passwords. | Required | link |
| User and Group Management | Group Management | Creating Groups and Applying Policies | Function to create and manage groups, used as organizational and policy-application units, and their members. | Required | link |
| Admin Settings | Role-Based Access Control | Separation of Administrator Roles and Notifications | Function to subdivide administrator roles and provide notifications for key activities. | Required | link |
| Admin Settings | License Management | License Assignment | Assigns licenses automatically or manually based on user activation status. | Selection | link |
| Admin Settings | Account Security | Setting Security Policies | Function to set account security policies such as password rules, change cycles, and automatic logout. | Required | link |
| Admin Settings | System Operation Settings | Menu · PAC · Button Settings | Function to configure the operating environment, such as menu display options, PAC file distribution, and custom URL buttons. | Selection | link |
| Logs and Monitoring | Log Inquiry | System Log | Function to query user and administrator activity logs, with support for backup, archiving, and integrity verification. | Required | link |
| Logs and Monitoring | Log Inquiry | Generative AI Usage Log | Logs the entire content of queries (input) and responses (output) for major generative AI services such as ChatGPT, Claude, Gemini, Grok, and Perplexity, with filtering and viewing by AI service, user, duration, and conversation content. It can be used to understand AI usage status by user and to audit information leaks within the company, and supports downloading in CSV format. | Specialization | link |
| Logs and Monitoring | Log Storage and Integration | Long-term Storage and SIEM Transmission | Stores user logs for more than 1 year according to administrator settings, and provides proof of tampering prevention through backups and transmission to a SIEM (Security Information and Event Management). | Specialization | link |
| Logs and Monitoring | Access Monitoring | Connection Status Dashboard | Provides the status of website access and the real-time operating status of the isolated browser on a dashboard. | Required | link |
| Logs and Monitoring | Access Monitoring | Connection Quality and Error Management | Measures user-side connection speed and provides an interface for reporting errors. | Selection | link |
| Logs and Monitoring | System Monitoring | Node Monitoring | Monitoring of system resource usage per node in an on-premise environment. | Selection | link |