Function Specification (External → Internal Access)
※ Last updated: 2026-04-02
This document is a functional specification for securely accessing the internal work environment from outside (remote work, BYOD, etc.).
Common management features such as user, group, license, conditional policy, and authentication settings areSecurity365 Management Center Functional SpecificationPlease refer to.
RFP Notation Standards
| Notation | Meaning | Description |
|---|---|---|
| Required | Common Evaluation Criteria | Commonly Required Features in Web Isolation (RBI) Business RFP |
| Specialization | Differentiation Items | Unique features of SHIELD Gate provide an advantage over competitors —Recommendation to Add Evaluation Criteria to the RFP |
| Selection | Additional Items | Features proposed optionally based on customer requirements |
User Features
| Major Category | Subcategory | subcategory | Detailed description | RFP notation | specifications |
|---|---|---|---|---|---|
| Isolated Browsing | Web Access | Isolated Browser Access | Isolation browser access feature that executes web browsing on the server and streams only the screen to neutralize online threats. | Required | [Link](../../internal documents/planning/4.function specifications/isolation browser access.md) |
| URL input field | Provide an input field where users can directly enter a URL to access. | Required | [Link](../../internal documents/planning/4.function specifications/URL input field.md) | ||
| URL Input Field Search Engine Integration | A feature that automatically links to the search results page of the configured search engine (Google, Naver, Daum, Nate, Bing) when a search term that is not in URL format is entered in the URL input field. | Specialization | [Link](../../internal documents/planning/4.function specifications/URL input field search engine integration.md) | ||
| App Access | The feature to access internal work apps through SHIELDGate and set user-specific access permissions. | Required | [Link](../../internal documents/planning/4.function specifications/app access (internal work app).md) | ||
| Browser Compatibility | Multi-Browser Support | Support features for major browsers such as Chrome, Edge, Firefox, and Safari | Required | [Link](../../Internal Documents/Planning/4.Function Specifications/Multi-Browser Support.md) | |
| Support for Advanced Web Features | JavaScript interaction, WebGL 3D rendering, basic browser features such as translation, zooming, and right-clicking. | Required | [Link](../../internal documents/planning/4.function specifications/advanced web feature support.md) | ||
| Fully Isolated Architecture | Device Isolation and Code/Data Blocking | ① There is no direct communication between the device browser and the corresponding web server, ② the script and HTML code of the web server do not execute on the device, and ③ cookies, temporary files, etc. are not stored on the device at all, resulting in a completely isolated structure. | Specialization | [Link](../../internal documents/planning/4.function specifications/device isolation and code·data blocking.md) | |
| HTTPS Single Port Secure Communication | Connect to the RBI server using standard HTTPS (TCP 443) with a single port and single session without using UDP, and transmit 1:1 without relay servers such as TURN — no need for separate firewall port openings or relay infrastructure, ensuring a security level equivalent to or higher than VPN when accessing externally (such as IAP). | Specialization | [Link](../../Internal Documents/Planning/4.Function Specifications/HTTPS Single Port Secure Communication.md) | ||
| High-Quality Screen Streaming | An intelligent screen transmission feature that prioritizes sending keyframes immediately upon connection to ensure high quality from the initial screen, and automatically adjusts the resolution in the event of network jitter to maintain responsiveness instead of interruptions. | Specialization | [Link](../../internal-docs/planning/4.feature-specifications/high-definition-screen-streaming.md) | ||
| Security Plugin Support | Endpoint Broker Technology | Functionality that supports web applications requiring internal communication on PCs, such as banking security programs. | Specialization | [Link](../../internal documents/planning/4.function specifications/endpoint broker technology.md) | |
| Access Permissions | Access Environment-Based Permissions | A feature that sets app and desktop usage permissions based on user location, device, and time conditions. | Required | [Link](../../internal documents/planning/4.function specifications/access environment-based permissions.md) | |
| User Behavior Control | Access Control | Access Allow/Deny | A feature that allows or blocks access to target URLs and categories based on conditional policies. | Required | [Link](../../internal documents/planning/4.function specifications/access permission block.md) |
| Additional Authentication | Additional identity verification feature through email verification code or OTP authentication when access is granted | Required | [Link](../../internal documents/planning/4.function specifications/additional authentication.md) | ||
| Behavior Control | Keyboard Input Blocking | A feature that blocks keyboard input in the isolated browser | Required | [Link](../../internal documents/planning/4.function specifications/blocking keyboard input.md) | |
| Site Navigation Blockage | A feature that blocks page navigation to external domains. | Selection | [Link](../../internal documents/planning/4.feature specifications/site access restriction.md) | ||
| URL Exposure Control | A feature that controls the visibility of the current access URL in the URL input field based on conditions. | Selection | [Link](../../internal documents/planning/4.feature specifications/URL exposure control.md) | ||
| Idle Screen Lock | A feature that switches to the lock screen after a set idle time to protect data on the screen. | Selection | [Link](../../internal documents/planning/4.function specifications/idle screen lock.md) | ||
| File Transfer Control | Allow/Block Uploads | Feature to Allow or Block File Uploads in Isolated Browser | Required | [Link](../../internal documents/planning/4.function specifications/upload allow/block.md) | |
| Allow/Block Downloads | Feature to Allow or Block File Downloads in Isolated Browser | Required | [Link](../../internal documents/planning/4.function specifications/download permission block.md) | ||
| Extension Control | Function to control the allowance of file extensions during upload and download | Required | [Link](../../internal-docs/planning/4.function-spec/extension-control.md) | ||
| Transmission via Interconnected Solutions | A feature that supports file upload and download through an existing network connection solution operating in a network separation environment. | Specialization | [Link](../../internal documents/planning/4.function specifications/network linkage solution transmission.md) | ||
| Clipboard Control | Bidirectional Clipboard Control | A feature that controls copy/paste direction between the isolated browser and the user PC. | Required | [Link](../../internal-docs/planning/4.function-specs/bidirectional-clipboard-control.md) | |
| Sensitive Information Control | Blocking Sensitive Information Input | A feature that detects personal information patterns in user input and blocks transmission. | Specialization | [Link](../../internal documents/planning/4.function specifications/blocking sensitive information input.md) | |
| Print Control | Print Allow/Block and Watermark | Feature to Allow or Block Printing in Isolated Browser — Watermark with User Identifiable Information May Be Applied When Allowed | Required | [Link](../../internal documents/planning/4.function specifications/printing policy.md) | |
| Screen Security | Security Screen | Blocking and Guidance Screen | A feature that displays a blocking notification screen when a policy is blocked and provides a notification screen in case of technical issues such as connection errors or session termination. | Required | [Link](../../internal documents/planning/4.function specifications/blocking·guidance screen.md) |
| Screen Marking | Screen Marking | Function to display user identification information as a watermark on the screen (automatically inserted during screen capture as well) | Required | [Link](../../internal documents/planning/4.function specifications/screen marking.md) | |
| Remote Access | Personal Desktop | Desktop Registration and Remote Access | Registering a personal desktop and accessing it remotely through a web browser — Access condition policy and support for Wake on LAN (WOL) | Specialization | [Link](../../internal documents/planning/4.function specifications/desktop registration and remote access.md) |
| Recently Accessed Desktop Display | A feature that allows direct access to the last used desktop from the GNB. | Selection | [Link](../../internal documents/planning/4.function specifications/recent access desktop display.md) | ||
| Server Remote Console | Web-based server access | Server Remote Access Function Based on SSH·VNC·Telnet Protocols — Command Execution and File Transfer Support | Specialization | [Link](../../internal documents/planning/4.function specifications/web-based server access.md) | |
| File Security | File Encryption | Encryption Storage and Key Management | Function to encrypt and store files during upload and dispose of the encryption key when deleting files. | Required | [Link](../../internal documents/planning/4.function specifications/encryption storage and key management.md) |
| Extension Control | Handling by Extension | Function to control uploads and downloads according to file extension blocking policy | Required | [Link](../../internal documents/planning/4.function specifications/processing by extension.md) | |
| Malware Scanning and Disinfection | Malware Scanning and CDR | A feature that automatically applies malware scanning and CDR (Content Disarm and Reconstruction) processing during file upload and download. | Required | [Link](../../internal documents/planning/4.function specifications/malware scanning and CDR.md) | |
| Sensitive Information Detection | Automatic Sensitive Information Detection | A feature that automatically detects personal information within files and blocks transmission. | Required | [Link](../../Internal Documents/Planning/4.Function Specifications/Sensitive Information Automatic Detection.md) | |
| Document Viewer Integration | SHIELD Viewer Integration | Function to provide read-only previews through SHIELD Viewer when downloading files | Required | [Link](../../internal documents/planning/4.function specifications/SHIELD Viewer integration.md) | |
| File Management | Storage Integration | External Storage and Edge Server | Integration features for external storage such as NAS, OneDrive, Google Drive, and Edge server-based local storage. | Selection | [Link](../../internal documents/planning/4.function specifications/external storage and Edge server.md) |
| Document Editing | Collaborative Editing | MS365·Google Docs·Hancom Web·S3/NAS-based document collaboration feature | Selection | [Link](../../Internal Documents/Planning/4.Function Specifications/Collaborative Editing.md) | |
| Read-Only View | Read-Only Document Viewing Functionality through SHIELD Viewer | Selection | [Link](../../internal documents/planning/4.function specifications/read-only access.md) | ||
| Teams Integration | Teams File Integration | Features that support file viewing, uploading, editing, and team-based tab access within the Teams app | Selection | [Link](../../internal documents/planning/4.function specifications/Teams file integration.md) | |
| File Sharing | Sharing and Permission Management | URL link sharing, specifying the sharer, and setting permissions, managing shared folders | Selection | [Link](../../internal documents/planning/4.function specifications/sharing and permission management.md) | |
| Exploration · Classification · Collaboration | Exploration and Classification | File and folder search, tagging, bookmarking, pinning important items to the top feature | Selection | [Link](../../internal documents/planning/4.function specifications/exploration and classification.md) | |
| Collaboration and History | Document comment writing, file change notification subscription, viewing, editing, and downloading history check features | Selection | [Link](../../internal documents/planning/4.function specifications/collaboration and history.md) | ||
| Deletion Policy | Deleted File Management | A feature that automatically deletes files after retaining them for a certain period and allows setting the retention period for the file folder. | Selection | [Link](../../internal documents/planning/4.function specifications/deletion file management.md) | |
| Interface | UI and Menu | Hide/Show Top Bar | A feature that allows you to hide or expand the top bar to support full-screen viewing and immersive browsing. | Selection | [Link](../../Internal Documents/Planning/4.Function Specifications/Hide and Show Top Bar.md) |
| Home Menu and GNB Shortcuts | Setting the Home Menu Usage and Displaying/Fixing Recently Accessed Apps and URLs in the GNB | Selection | [Link](../../internal documents/planning/4.function specifications/home menu and GNB shortcuts.md) | ||
| Custom URL Button | Adding a button to the top bar for calling external URLs and passing user information as parameters | Selection | [Link](../../Internal Documents/Planning/4.Function Specifications/Custom URL Button.md) |
Admin Features
| Major Category | Subcategory | subcategory | Detailed description | RFP notation | specifications |
|---|---|---|---|---|---|
| Isolated Browser Control | Access Control Policy | Policy Management | Function to create, modify, delete, and manage the priority of access control policies for each member's work system. | Required | [Link](../../internal documents/planning/4.function specifications/policy management.md) |
| Member and Condition Settings | Function to designate the members subject to policy application and set conditions for location, time, and device. | Required | [Link](../../internal documents/planning/4.function specifications/member and condition settings.md) | ||
| Access to Business System | A feature to individually set the accessibility of the app menu and URL input field menu. | Required | [Link](../../internal documents/planning/4.function specifications/access permission for business system.md) | ||
| Maximum Tab Count Limit | A feature that controls the maximum number of tabs that can be opened simultaneously in an isolated browser. | Selection | [Link](../../internal documents/planning/4.function specifications/maximum tab limit.md) | ||
| Session Management | Real-time Session Monitoring | Real-time query function for resource status and tab information of all user sessions currently connected. | Required | [Link](../../internal documents/planning/4.function specifications/real-time session monitoring.md) | |
| Session Force Logout | Function to forcibly terminate the selected session immediately or with a grace period — input for termination reason (required), countdown warning displayed on user screen, simultaneous termination of all tabs, automatic saving of termination records supported | Specialization | [Link](../../internal-docs/planning/4.function-spec/session-forced-termination.md) | ||
| Access Control | App and URL Management | App Access Settings | Function to register apps accessible through SHIELDGate and set user-specific access permissions | Required | [Link](../../internal documents/planning/4.function specifications/app access settings.md) |
| URL List · Group Management | A feature that allows you to register and manage access control target URLs and group them for use as a policy application unit. | Required | [Link](../../internal documents/planning/4.function specifications/URL list·group management.md) | ||
| Manage Movable URLs | Function to register and control movable URLs in a specific SaaS | Selection | [Link](../../internal documents/planning/4.function specifications/movable URL management.md) | ||
| Connection Environment Control | Connection Condition Registration | A feature to register user access environment conditions (IP, device, time, etc.) and set app and desktop access permissions. | Required | [Link](../../internal documents/planning/4.function specifications/access condition registration.md) | |
| Conditional Policy | Policy Management | Policy Creation, Modification, Deletion | A feature that supports adding, editing, and deleting conditional policies, adjusting priorities, importing and exporting, and setting expiration dates. | Required | [Link](../../internal documents/planning/4.function specifications/policy creation·modification·deletion.md) |
| Importing and Exporting Policies | Export conditional policies as a JSON (single) or ZIP (multiple) file, and the ability to import and register backup files. | Selection | [Link](../../internal documents/planning/4.function specifications/policy import·export.md) | ||
| Policy Application Status Inquiry | Function to query policies that were actually applied (heating) and those that were not applied by period, sorted by the number of applications and the most recent application date — Excel download support | Specialization | [Link](../../Internal Documents/Planning/4.Functional Specifications/Policy Application Status Inquiry.md) | ||
| Download Policy Status Excel | Function to download all registered policies or search results as an Excel (.xlsx) file (provided separately from JSON backup) | Selection | [Link](../../internal documents/planning/4.function specifications/policy status Excel download.md) | ||
| Target Application | Member Settings | Function to designate policy application members and separately configure exclusion members | Required | [Link](../../internal-docs/planning/4.feature-spec/member-settings.md) | |
| Target Site Settings | Function to select the target of policy application among the entire site, registered sites, and groups | Required | [Link](../../internal documents/planning/4.function specifications/target site settings.md) | ||
| Connection Conditions | Location, Time, Device Conditions | A feature that sets the policy application environment by combining location, time, and device conditions. | Required | [Link](../../internal documents/planning/4.function specifications/location·time·device conditions.md) | |
| Access Policy | Access Allow/Block and Additional Authentication | Function to set URL access blocking or allowing and configure email·OTP additional authentication | Required | [Link](../../internal documents/planning/4.function specifications/access allowance and blocking and additional authentication.md) | |
| Behavior Control | Keyboard · Site Navigation · URL Exposure | Function to control keyboard input, block external domain navigation, and set URL exposure based on conditions | Required | [Link](../../internal documents/planning/4.function specifications/keyboard·site navigation·URL exposure.md) | |
| File Upload and Download Control | Function to set whether file upload and download is allowed, along with conditions for file extensions and storage. | Required | [Link](../../internal documents/planning/4.function specifications/file upload·download control.md) | ||
| Clipboard · Screen Lock | Function to Control Clipboard Direction Between Isolated Browser and PC and Set Idle Lock Screen | Required | [Link](../../internal documents/planning/4.function specifications/clipboard·screen lock.md) | ||
| Screen Marking · Printing Watermark | Function to set whether to apply screen marking and print watermark by conditional policy | Required | [Link](../../internal documents/planning/4.function specifications/screen marking·printing watermark.md) | ||
| Context Menu Control | Function to control the right-click menu of the RBI browser on an item-by-item basis (page background, text, links, images, videos, audio, input fields) for the target area — when an item is OFF, the associated shortcut keys are also blocked. | Specialization | [Link](../../internal documents/planning/4.function specifications/context menu control.md) | ||
| Sensitive Information Control | Blocking Sensitive Information Input | A feature that detects personal information patterns in user input and blocks transmission. | Specialization | [Link](../../internal documents/planning/4.function specifications/blocking sensitive information input.md) | |
| Screen Security Settings | Lock Screen Settings | Image and Message Customization | Function to customize the image and guidance message displayed on the lock screen | Selection | [Link](../../internal documents/planning/4.function specifications/image·message customization.md) |
| Guide Screen Settings | Image and Text Customization | Function to set images and guidance text for error screens such as system errors and session termination. | Selection | [Link](../../internal documents/planning/4.function specifications/image·text customization.md) | |
| Screen Marking Settings | Watermark Design Settings | Function to set display information, font, angle, spacing, and transparency of screen marking and provide real-time preview. | Required | [Link](../../internal documents/planning/4.function specifications/watermark design settings.md) | |
| File Security Policy | File Transfer Policy | Extension · Conditional Control | Function to set differential file upload and download transfer policies by extension, user, and site. | Required | [Link](../../internal documents/planning/4.function specifications/extension·conditional control.md) |
| Clipboard and Print Watermark Control | Function to set clipboard directionality between PC and browser and apply print watermarks. | Specialization | [Link](../../internal documents/planning/4.function specifications/clipboard·print watermark control.md) | ||
| Desktop and Console Management | Personal Desktop | Access Policy and Status | Function to set and register access condition policies for personal desktops and check the status of Wake-on-LAN (WOL) usage. | Selection | [Link](../../internal documents/planning/4.function specifications/access policies and status.md) |
| Server Remote Console | Server Registration and Access Control | Function to register SSH·VNC·Telnet target servers and set user-specific access permissions and feature policies. | Selection | [Link](../../Internal Documents/Planning/4.Function Specifications/Server Registration and Access Control.md) | |
| File Management | Storage Management | Storage and Edge Server Configuration | Function to integrate external storage and register/manage Edge servers | Selection | [Link](../../internal documents/planning/4.function specifications/storage and Edge server settings.md) |
| Viewer and Permission Policy | Download and Access Permission Settings | Function to set viewing, editing, uploading, and downloading permissions by download repository policy and access path. | Selection | [Link](../../Internal Documents/Planning/4.Function Specifications/Download and Access Permission Settings.md) | |
| Authentication and Integration | User Authentication | Authentication Integration | Function to set up AD integrated authentication, SSO integration, OTP, and additional email authentication. | Required | [Link](../../internal documents/planning/4.function specifications/authentication integration.md) |
| Provisioning | User Automatic Synchronization | Function to automatically synchronize users and groups by integrating with external systems. | Selection | [Link](../../internal documents/planning/4.function specifications/user auto synchronization.md) | |
| User and Group Management | Account Management | User Registration and Management | Function to individually or batch register users and manage their activation status and passwords. | Required | [Link](../../internal documents/planning/4.function specifications/user registration·management.md) |
| Group Management | Group Creation and Policy Application | Function to create and manage units for organization and policy application and manage members | Required | [Link](../../internal documents/planning/4.function specifications/group creation and policy application.md) | |
| Administrator Settings | Role-based permissions | Separation of Administrator Roles and Notifications | Function to refine administrator roles and provide notifications when key activities occur | Required | [Link](../../internal documents/planning/4.function specifications/admin role separation and notifications.md) |
| License Management | License Assignment | A feature that assigns licenses automatically or manually based on user activation status. | Selection | [Link](../../internal documents/planning/4.function specifications/license allocation.md) | |
| Account Security | Security Policy Configuration | Function to set account security policies such as password rules, change cycles, and automatic logout. | Required | [Link](../../internal documents/planning/4.feature specifications/security policy settings.md) | |
| System Operation Settings | Menu · PAC · Button Settings | Function to configure the operating environment, such as menu display options, PAC file distribution, and custom URL buttons. | Selection | [Link](../../internal documents/planning/4.function specifications/Chrome Extension based access management (PAC alternative).md) | |
| Logs and Monitoring | Log Inquiry | System Log | Function to view user and administrator activity logs, support for backup, archiving, and integrity verification. | Required | [Link](../../internal documents/planning/4.function specifications/system log.md) |
| Log Storage and Integration | Long-term Storage and SIEM Transmission | Store user logs for more than one year according to administrator settings, with features for proof of tamper prevention through backups and transmission to SIEM (Security Information and Event Management). | Specialization | [Link](../../internal documents/planning/4.function specifications/long-term storage and SIEM transmission.md) | |
| Access Monitoring | Connection Status Dashboard | A feature that provides website access status and real-time isolated browser operation status on a dashboard. | Required | [Link](../../internal documents/planning/4.function specifications/access status dashboard.md) | |
| Connection Quality and Error Management | A feature that measures user-side connection speed and provides an interface for reporting errors. | Selection | [Link](../../internal documents/planning/4.function specifications/access quality and error management.md) | ||
| System Monitoring | Node Monitoring | Monitoring system resource usage per node in an On-Premise environment | Selection | [Link](../../internal documents/planning/4.function specifications/node monitoring.md) |