Function Specification (Overall)
discourse-meta (Read-Only) sync: true topic_id: 779 title: SHIELD Gate Functional Specification
※ Last updated: 2026-06-08
This document is the complete functional specification that integrates two access cases of the SHIELD Gate.
- external→internal: Cases of securely accessing internal work environments from outside (remote work, BYOD, etc.)
- internal → external: A case for securely accessing external internet and SaaS services from an internal work environment
Common management features such as user, group, license, conditional policy, and authentication settings areSecurity365 Management Center Functional Specification DocumentPlease refer to.
RFP Notation Standards
| Notation | meaning | Explanation |
|---|---|---|
| Essential | Common Evaluation Criteria | Required Features Typically Requested in Web Isolation (RBI) Business RFP |
| specialization | Differentiation Items | Unique feature of SHIELD Gate that provides an advantage over competitors — Recommended to add evaluation criteria to the RFP. |
| Selection | Additional Items | Features proposed optionally based on customer requirements |
User Features
| Major Category | Mid-category | sub-category | Detailed Description | RFP notation | spec |
|---|---|---|---|---|---|
| Isolated Browsing | Web Access | Isolated Browser Access | Isolation browser access feature that executes web browsing on the server and streams only the screen to neutralize online threats. | Essential | link |
| Isolated Browsing | Web Access | URL input field | Provide an input field where users can enter a URL to access. | Essential | link |
| Isolated Browsing | Web Access | URL Input Field Search Engine Integration | A feature that automatically links to the search results page of the configured search engine (Google·Naver·Daum·Nate·Bing) when a search term that is not in URL format is entered in the URL input field. | specialization | link |
| Isolated Browsing | Web Access | App Access (Internal Work App) | The feature to access internal work apps through SHIELDGate and set access permissions for each user. | Essential | link |
| Isolated Browsing | Web Access | App Access (External SaaS) | The feature to access external SaaS through SHIELDGate and set user-specific access permissions. | Essential | link |
| Isolated Browsing | Browser Compatibility | Multi-Browser Support | Support features for major browsers such as Chrome, Edge, Firefox, and Safari | Essential | link |
| Isolated Browsing | Browser Compatibility | Advanced Web Feature Support | JavaScript interaction, WebGL 3D rendering, basic browser features such as translation, zooming, right-clicking, etc. | Essential | link |
| Isolated Browsing | Browser Compatibility | Select translation language directly | A feature that allows users to directly select the target language (Korean, English, Japanese, Simplified/Traditional Chinese) from the right-click menu when translating web pages in an isolated browser — the selected language is maintained during the login session. | Selection | link |
| Isolated Browsing | Complete Isolation Architecture | Device Isolation and Code/Data Blocking | ① Direct communication does not occur between the device browser and the corresponding web server, and ② the web server's script and HTML code are not executed on the device, and ③ cookies, temporary files, etc. are not stored on the device at all, resulting in a completely isolated structure. | specialization | link |
| Isolated Browsing | Complete Isolation Architecture | HTTPS Single Port Secure Communication | Connect to the RBI server using standard HTTPS (TCP 443) with a single port and single session without using UDP, and structure for 1:1 transmission without relay servers like TURN — no need for separate firewall port openings or relay infrastructure, ensuring a security level equivalent to or higher than VPN when accessing externally (IAP, etc.) | specialization | link |
| Isolated Browsing | Complete Isolation Architecture | High-Definition Screen Streaming | Immediately upon connection, the keyframes are prioritized for transmission to ensure high quality from the initial screen, and in the event of network jitter, the resolution is automatically adjusted to maintain responsiveness instead of interruptions, providing an intelligent screen transmission feature. | specialization | link |
| Isolated Browsing | Security Plugin Support | Endpoint Broker Technology | Functionality that supports web applications requiring internal communication on PCs, such as banking security programs. | specialization | link |
| Access Permission | Access Environment-Based Permissions | Function to set app and desktop usage permissions based on user location, device, and time conditions | Essential | link | |
| User Behavior Control | Access Control | Access Allow/Deny | A feature that allows or blocks access to target URLs and categories according to conditional policies. | Essential | link |
| User Behavior Control | Access Control | Additional Authentication | Additional identity verification feature through email verification code or OTP verification when access is granted | Essential | link |
| User Behavior Control | Behavior Control | Keyboard input blocking | Function to Block Keyboard Input in Isolated Browser | Essential | link |
| User Behavior Control | Behavior Control | Site Access Block | A feature that blocks page navigation outside the connected domain | Selection | link |
| User Behavior Control | Behavior Control | URL Exposure Control | A feature that controls the visibility of the current access URL in the URL input field based on conditions. | Selection | link |
| User Behavior Control | Behavior Control | Idle Screen Lock | A feature that switches to the lock screen after a set idle time to protect the data on the screen. | Selection | link |
| User Behavior Control | File Transfer Control | Allow/Block Upload | Function to Allow or Block File Uploads in Isolated Browser | Essential | link |
| User Behavior Control | File Transfer Control | Allow/Block Downloads | Feature to Allow or Block File Downloads in Isolated Browser | Essential | link |
| User Behavior Control | File Transfer Control | Extension Control | Function to Control Allowance by Extension for File Upload and Download | Essential | link |
| User Behavior Control | File Transfer Control | Inter-network solution via transmission | Functionality to support file upload and download via an existing network connection solution operating in a network separation environment. | specialization | link |
| User Behavior Control | Clipboard Control | Bidirectional Clipboard Control | Function to control copy/paste direction between the isolated browser and the user PC | Essential | link |
| User Behavior Control | Sensitive Information Control | Block Sensitive Information Input | Function to detect personal information patterns in user input and block transmission (including generative AI services) | specialization | link |
| User Behavior Control | Sensitive Information Control | Generative AI Prompt·Response Full Logging | A feature that allows for complete logging of input prompts and response content when using commercial generative AI. | specialization | link |
| User Behavior Control | Print Control | Print Allow/Block and Watermark | Function to Allow or Block Printing in Isolated Browser — When Allowed, Watermark with User Identifiable Information May Be Applied | Essential | link |
| Screen Security | Security Screen | Blocking and Guidance Screen | Display a blocking notification screen when a policy is blocked, and provide a notification screen in case of technical issues such as connection errors or session termination. | Essential | link |
| Screen Security | Screen Marking | Screen Marking | Function to display user identification information as a watermark on the screen (automatically inserted during screen capture as well) | Essential | link |
| Remote Access | Personal Desktop | Desktop Registration and Remote Access | Registering a personal desktop and accessing it remotely through a web browser — Access conditions policy and support for Wake-on-LAN (WOL) | specialization | link |
| Remote Access | Personal Desktop | Recent Access Desktop Display | A feature that allows direct access to the last used desktop from the GNB. | Selection | link |
| Remote Access | Server Remote Console | Web-based server access | SSH·VNC·Telnet·RDP protocol-based server remote access functionality — command execution and file transfer support, provides OS shortcut key transmission buttons such as Ctrl+Alt+Del when accessing via VNC | specialization | link |
| File Security | File Encryption | Encryption Storage and Key Management | Function to encrypt and store files during upload and dispose of the encryption key when deleting files. | Essential | link |
| File Security | Extension Control | Processing by Extension | Function to control uploads and downloads according to file extension blocking policy | Essential | link |
| File Security | Malware Scanning and Neutralization | Malware Scanning and CDR | A feature that automatically applies malware scanning and CDR (Content Disarm and Reconstruction) processing during file upload and download. | Essential | link |
| File Security | Sensitive Information Detection | Automatic Sensitive Information Detection | A feature that automatically detects personal information in files and blocks transmission. | Essential | link |
| File Security | Document Viewer Integration | SHIELD Viewer Integration | Function to provide read-only preview through SHIELD Viewer when downloading files | Essential | link |
| File Management | Storage Integration | External Storage and Edge Server | Integration features for external storage such as NAS, OneDrive, Google Drive, and Edge server-based local storage | Selection | link |
| File Management | Document Editing | Collaborative Editing | MS365·Google Docs·Hancom Web·S3/NAS based document collaboration feature | Selection | link |
| File Management | Document Editing | Read-Only Access | Read-only document viewing feature through SHIELD Viewer | Selection | link |
| File Management | Teams Integration | Teams File Integration | Functionality that supports file viewing, uploading, editing, and team-based tab access within the Teams app. | Selection | link |
| File Management | File Sharing | Sharing and Permission Management | URL link sharing, specifying the sharer, and permission settings, managing shared folders | Selection | link |
| File Management | Exploration · Classification · Collaboration | Exploration and Classification | File and Folder Search, Tagging, Bookmarking, Pinning Important Items to the Top Function | Selection | link |
| File Management | Exploration · Classification · Collaboration | Collaboration and History | Document comment writing, file change notification subscription, viewing, editing, and downloading history confirmation feature | Selection | link |
| File Management | Deletion Policy | Delete File Management | Automatically delete files after retaining them for a certain period and set the retention period for the file cabinet. | Selection | link |
| SaaS Support | SaaS Compatibility | Microsoft 365 | Features supporting M365 services such as Teams, Office365, Word, PowerPoint, and SSO | Essential | link |
| SaaS Support | SaaS Compatibility | Video Conference | Support for voice, video, and screen sharing features of video conferencing platforms such as Teams, Zoom, etc. | Essential | link |
| SaaS Support | SaaS Compatibility | Video Streaming | Video streaming and DRM protected content playback support features | specialization | link |
| Interface | UI and Menu | Hide/Show Top Bar | A feature that hides or expands the top bar to support full-screen viewing and immersive browsing. | Selection | link |
| Interface | UI and Menu | Home Menu and GNB Shortcut | Setting the home menu usage and displaying/fixing recently accessed apps·URLs in the GNB | Selection | link |
| Interface | UI and Menu | URL bookmark (favorites) | A feature to save frequently accessed URLs as bookmarks in the isolation browser and reconnect with a single click from the home screen or top bar — supports adding bookmarks from the URL input field, displaying name, URL, and date added, and changing order via drag and drop. | Selection | link |
| Interface | UI and Menu | Custom URL Button | Add a button for calling external URLs in the top bar and a feature to pass user information as parameters. | Selection | link |
Admin Features
| Major Category | Mid-category | sub-category | Detailed Description | RFP notation | spec |
|---|---|---|---|---|---|
| Isolation Browser Control | Access Control Policy | Policy Management | Function to create, modify, delete, and manage the priority of access control policies for each member's work system. | Essential | link |
| Isolation Browser Control | Access Control Policy | Members and Conditions Settings | Function to designate the members subject to policy application and set conditions for location, time, and device. | Essential | link |
| Isolation Browser Control | Access Control Policy | Allow access to the business system | Function to individually set the accessibility of the app menu and URL input field menu | Essential | link |
| Isolation Browser Control | Access Control Policy | Maximum Tab Count Limit | A feature that controls the maximum number of tabs that can be opened simultaneously in an isolated browser. | Selection | link |
| Isolation Browser Control | Session Management | Real-time session monitoring | A feature to view the resource status and tab information of all user sessions currently connected in real-time. | Essential | link |
| Isolation Browser Control | Session Management | Session Forced Termination | Function to forcefully terminate the selected session immediately or with a delay — input for termination reason (required), countdown warning displayed on user screen, simultaneous termination of all tabs, automatic saving of termination records supported | specialization | link |
| Access Control | App and URL Management | App Access Settings | Function to register apps accessible through SHIELDGate and set user-specific access permissions | Essential | link |
| Access Control | App and URL Management | URL List · Group Management | A feature that registers and manages access control target URLs and groups them for use as a unit for policy application. | Essential | link |
| Access Control | App and URL Management | Manage Movable URL | Function to register and control movable URLs in a specific SaaS | Selection | link |
| Access Control | Web Category Management | Category View·Edit·Rollback | Function to check the category classification of the website and either customize it or restore it to default. | Essential | link |
| Access Control | Web Category Management | Automatic Classification | Automatically classify web categories for new URLs accessed by users and register them in the database — automatic mapping among over 100 standard categories of SHIELDGate, with the ability for administrators to view classification results and make custom changes. | specialization | link |
| Access Control | Connection Environment Control | Connection Condition Registration | A feature to register user access environment (IP, device, time, etc.) conditions and set app and desktop access permissions. | Essential | link |
| Conditional Policy | Policy Management | Policy Creation, Modification, Deletion | A feature that supports adding, editing, and deleting conditional policies, adjusting priorities, importing and exporting, and setting expiration dates. | Essential | link |
| Conditional Policy | Policy Management | Basic Policy Settings | Function to automatically apply pre-set defaults for condition, execution policy, and isolation security policy when registering a new conditional policy — independent default management by menu, support for initializing existing registered policies to defaults. | Essential | link |
| Conditional Policy | Policy Management | Unused Policy Automatic Deactivation | A feature that automatically deactivates conditional policies that have not been applied (heated) during the standard period set by the administrator and records the reason and timing of deactivation — helps prevent unnecessary policy accumulation and supports audit tracking. | specialization | link |
| Conditional Policy | Policy Management | Policy Integrated Search | Integrated search function to search policies by various criteria such as member (name, email, group), target site, conditions, and usage status in the conditional policy list — supports priority change while maintaining search filter state. | Essential | link |
| Conditional Policy | Policy Management | Importing and Exporting Policies | Send conditional policies as a JSON (single) or ZIP (multiple) file, and the function to import and register backup files. | Selection | link |
| Conditional Policy | Policy Management | Policy Application Status Inquiry | Function to query policies that were actually applied (heating) and those that were not applied by period, sorted by the number of applications and the most recent application date — Excel download support | specialization | link |
| Conditional Policy | Policy Management | Policy Status Excel Download | Function to download all registered policies or search results as an Excel (.xlsx) file (provided separately from JSON backup) | Selection | link |
| Conditional Policy | Target Application | Member Settings | Function to specify policy application members and separately set exclusion members | Essential | link |
| Conditional Policy | Target Application | Target Site Settings | Function to select the target of policy application among the entire site, registered sites/groups, and web categories. | Essential | link |
| Conditional Policy | Connection Conditions | Location, Time, Device Conditions | A feature that sets the policy application environment by combining location, time, and device conditions. | Essential | link |
| Conditional Policy | Access Policy | Access Allow/Deny and Additional Authentication | Function to set URL access blocking or allowing and configure email·OTP additional authentication | Essential | link |
| Conditional Policy | Behavior Control | Keyboard · Site Navigation · URL Exposure | Function to control keyboard input, block external domain navigation, and set URL exposure based on conditions. | Essential | link |
| Conditional Policy | Behavior Control | File Upload and Download Control | Function to set whether file upload and download are allowed, along with conditions for file extensions and storage. | Essential | link |
| Conditional Policy | Behavior Control | Clipboard · Screen Lock | Function to Control Clipboard Direction Between Isolated Browser and PC and Set Idle Lock Screen | Essential | link |
| Conditional Policy | Behavior Control | Screen Marking · Printing Watermark | Function to set the application of screen marking and print watermark by conditional policy | Essential | link |
| Conditional Policy | Behavior Control | Context Menu Control | Function to control the right-click menu of the RBI browser on an item-by-item ON/OFF basis for target areas (page background, text, links, images, videos, audio, input fields) — when an item is OFF, the associated shortcut keys are also blocked. | specialization | link |
| Conditional Policy | Sensitive Information Control | Block Sensitive Information Input | Function to detect personal information patterns in user input and block transmission (including generative AI services) | specialization | link |
| Screen Security Settings | Lock Screen Settings | Image and Message Customization | Function to customize the image and guidance message displayed on the lock screen | Selection | link |
| Screen Security Settings | Guide Screen Settings | Image and Text Customization | Function to set the images and guidance text for the error screen, session termination, etc. | Selection | link |
| Screen Security Settings | Screen Marking Settings | Watermark Design Settings | Function to set display information of screen marking, including font, angle, spacing, and transparency, and provide real-time preview. | Essential | link |
| File Security Policy | File Transfer Policy | Extension · Conditional Control | A feature that allows differential settings for file upload and download transfer policies by extension, user, and site. | Essential | link |
| File Security Policy | File Transfer Policy | Clipboard and Print Watermark Control | Function to set clipboard directionality between PC and browser and apply print watermark. | specialization | link |
| Desktop·Console Management | Personal Desktop | Access Policy and Status | Function to set and register access condition policies for personal desktops and to check the usage status of WOL. | Selection | link |
| Desktop·Console Management | Server Remote Console | Server Registration and Access Control | Function to register target servers for SSH, VNC, Telnet, and RDP and set user-specific access permissions and feature policies — Support for setting up shortcut key transmission when accessing VNC | Selection | link |
| File Management | Storage Management | Storage and Edge Server Configuration | Function to integrate external storage and register/manage Edge servers | Selection | link |
| File Management | Viewer·Permission Policy | Download and Access Permission Settings | Function to set viewing, editing, uploading, and downloading permissions by download repository policy and access path | Selection | link |
| Authentication and Integration | User Authentication | Authentication Integration | Function to set up AD integrated authentication, SSO integration, OTP, and additional email authentication. | Essential | link |
| Authentication and Integration | Provisioning | User Automatic Synchronization | Function to automatically synchronize users and groups by integrating with external systems | Selection | link |
| User·Group Management | Account Management | User Registration and Management | Function to individually or batch register users and manage activation status and passwords | Essential | link |
| User·Group Management | Group Management | Group Creation and Policy Application | Function to create and manage units for organization and policy application and manage members | Essential | link |
| Administrator Settings | Role-based permissions | Separation of Administrator Roles and Notifications | Function to refine administrator roles and provide notifications for key activities | Essential | link |
| Administrator Settings | License Management | License Assignment | A feature that automatically or manually assigns licenses based on user activation status. | Selection | link |
| Administrator Settings | Account Security | Security Policy Settings | Function to set account security policies such as password rules, change cycles, and automatic logout. | Essential | link |
| Administrator Settings | System Operation Settings | Menu·PAC·Button Settings | Function to configure the operating environment, such as menu display options, PAC file distribution, custom URL buttons, etc. | Selection | link |
| Logs and Monitoring | Log Inquiry | System Log | Function to view user and administrator activity logs, support for backup, archiving, and integrity verification. | Essential | link |
| Logs and Monitoring | Log Inquiry | Generative AI Usage Log | Logging the entire content of queries (Input) and responses (Output) from major generative AI services such as ChatGPT, Claude, Gemini, Grok, and Perplexity, with the ability to filter and view based on AI service, user, duration, and conversation content — can be used to understand AI usage status by user and for auditing information leaks within the company, and supports downloading in CSV format. | specialization | link |
| Logs and Monitoring | Log Storage and Integration | Long-term Storage and SIEM Transmission | Store user logs for more than 1 year according to administrator settings, and provide proof of tampering prevention through backups and transmission to SIEM (Security Information and Event Management) functionality. | specialization | link |
| Logs and Monitoring | Access Monitoring | Connection Status Dashboard | Function to provide website access status and real-time isolation browser operation status on a dashboard | Essential | link |
| Logs and Monitoring | Access Monitoring | Connection Quality and Error Management | Function to measure user-side access speed and provide a reporting interface in case of errors | Selection | link |
| Logs and Monitoring | System Monitoring | Node Monitoring | Function to monitor system resource usage per node in an On-Premise environment | Selection | link |