Skip to content
Sonarprint
Trust layer • Continuous Trust Decision

Recognize who's trustworthy. Challenge only who needs it.

Sonarprint is a trust layer that assesses the risk of every access in real time and returns a continuous, explainable Trust Decision. Your MFA stays in place and now steps in at the right moment, without bothering legitimate users. Fewer challenges for the good user, more of a barrier for the fraudster.

Why Sonarprint?

Fraudsters replicate identity. They don't replicate possession, proximity and context.

Passwords, SMS codes and biometrics confirm who the user claims to be, but passwords leak, get shared and get bypassed. Sonarprint adds something the fraudster cannot imitate: the presence of the right device, in the right place, at the right time.

By combining a collaborative network, location intelligence and behavioral patterns, the trust layer turns the physical world into continuous proof of trust, without exposing personal data. The practical result: the good user passes through with no friction and your MFA only shows up when it truly makes a difference.

We don't talk about binary authentication. We talk about risk, continuity and trust.

The premise of Sonarprint

Instead of a yes or no at login, Sonarprint tracks the risk of every interaction and returns a clear recommendation to your team. It's continuous trust based on signals of proximity, context and behavior — without biometrics and without personal data.

The trust layer

The pillars of the Trust Decision.

DeviceKey, in-app identity and context signals combine into a single decision: continuous, explainable and adjustable by policy. Behind each pillar, the layer evaluates countless signals.

DeviceKey: the device's identity

DeviceKey: the device's identity

A unique, stable identity that the app creates for each device, independent of who is logged in. It survives logout, reinstallation and SIM swap, without exposing sensitive device identifiers or personal data.

Location signals

Location signals

Daytime and nighttime address, presence of nearby devices and impossible travel. Everything organized by region, never as an exact coordinate.

In-app identity

In-app identity

An anonymous code for the already-authenticated user, which the partner sends and we link to the DeviceKey to enrich the analysis, without revealing who they are.

Trust Decision

Trust Decision

The final decision — allow, challenge or block — continuous and explainable, with risk alerts and the signals that back it.

What the layer observes

Countless signals, from what's around to the device environment.

Sonarprint doesn't decide based on a single data point. It combines countless signals, from what surrounds the user to the environment of the app and the device itself, to measure trust continuously, without asking anything of the good user.

Surroundings (proximity)

Trusted devices and points nearby, co-location and physical presence that confirm possession at the moment of access.

Location and routine

Daytime and nighttime address, impossible travel and routine anomalies, always by region and never as an exact coordinate.

App environment

App integrity, signs of tampering, emulators and automation, plus usage patterns within the app itself.

Device environment

Stable device characteristics, root/jailbreak, risky settings and the consistency of these signals over time.

Device possession and identity

The DeviceKey, a unique, stable identity that survives logout, reinstallation and SIM swap.

Behavior

Rhythm, habits and interaction patterns over time, which the fraudster cannot replicate at scale.

None of these signals expose personal data, exact location or biometrics. They are post-processed and combined into a single Trust Decision, explainable and auditable.

How Sonarprint arrives at the Trust Decision

  1. 01

    The app senses the surrounding context

    Proximity, possession and device-environment signals, read lightly and without weighing down the device.

  2. 02

    The network confirms presence

    It cross-references trusted proximity points and organizes context by region, without using exact location.

  3. 03

    Behavior and routine

    Daytime and nighttime address, the consistency of habits and routine anomalies become signals for each device.

  4. 04

    An explainable decision

    The result is the Trust Decision: allow, challenge or block that interaction.

How the layer decides

It allows, challenges or blocks, always with evidence.

The Sonarprint layer fits into your flows without requiring any structural change. It follows the context, assesses the risk and guides the access decision. It doesn't replace your MFA: it avoids triggering it when trust is high and reinforces it exactly when a risk signal appears. Fewer challenges for the good user, more of a barrier for the rest.

High trust

Allow

Known device, recognized user and location consistent with the routine. The flow proceeds with no friction.

Medium trust

Challenge

Ambiguous signals, such as a new device, travel or something out of the routine. The action is routed to the partner's own MFA.

Low trust

Block

An already-blocked device, an identity used in many places or a clear fraud pattern. The action is refused and recorded.

Always

Record

Every decision is recorded (device, identity, signals and action), ready for auditing in the partner's systems.

Trust Decision configuration

You're the one who builds the Trust Decision.

The Trust Decision isn't a black box of ours: the rules are defined by you. Every decision is guided by policies that your team builds, versions and audits, in the visual editor or as a versioned policy. You combine the criteria, choose the action for each band and decide exactly when your MFA steps in, with no code.

Rules built by you

In the visual builder you drag and combine criteria for each action. An example of a customer's configuration:

Allow

When ALL are true

Trusted device +App is not a fresh install +Common daytime address or common nighttime address +At least 1 nearby peer already seen
Request challenge (MFA)

When ANY is true

New device ouNew install ouNo nearby device seen
Block

When ANY is true

Use on emulator ouDeviceKey on block list

The criteria are built by the customer: visually, in the editor, or as a versioned policy in the repository. You define what counts as trusted, ambiguous or risky.

Allow

High trust

Known device, recognized user and context consistent with the routine. Access proceeds with no friction and no challenge.

Challenge

Medium trust

Ambiguous signals, such as a new device or something out of the routine. The layer triggers the partner's MFA or a light step-up, only here.

Block

Low trust

A clear risk pattern or an already-blocked device. Access is refused and the decision is recorded for auditing.

Observability & SIEM

Every decision becomes a log ready for your SIEM.

Every Trust Decision generates a structured, auditable event, exported in real time to your SIEM. No black box: you see the signal, the rule that matched and the action taken, ready for correlation, alerting and auditing.

Structured events

Each decision comes out as JSON (or CEF) with device_key, user_ref, flow, decision, the rule that matched, the signals and the policy_id.

Real-time streaming

Delivery via webhook, syslog or native connector, with batch export for reprocessing and backfill.

Correlation and alerts

Normalized fields to build dashboards, correlate with other sources and create alert rules in your SIEM.

Audit trail

Configurable retention and immutable records, aligned with LGPD and ISO/IEC 27001, ready for the auditor.

Compatible with the leading SIEMs

Splunk, Elastic, Microsoft Sentinel, Datadog, IBM QRadar and Google Chronicle, among others.

Privacy preserved

The logs carry no personal data or exact location: only post-processed signals and anonymous identifiers.

SplunkElasticMicrosoft SentinelDatadogIBM QRadarGoogle Chronicle

Exclusive differentiators

More protection. Less friction.

Where the trust layer goes beyond ordinary device recognition and MFA used on its own.

Capability Sonarprint Ordinary recognition MFA alone
Still valid after reset, reinstallation and SIM swap Partial
Proof of possession and physical proximity Partial
Detects impossible travel and routine anomalies
Continuous decision, in milliseconds Partial
Explainable and auditable Trust Decision
No personal data, no exact location, no biometrics Partial
Friction for the good user Low Medium High

Technical frameworks

Standards that underpin the architecture.

Each part of the layer relies on a standard already consolidated by NIST, OWASP and ISO. It's not just a proprietary solution: it's practice aligned with the state of the art.

NIST SP 800-63B

Digital identity guidelines

Defines authentication assurance levels. We reinforce MFA by constantly confirming possession, proximity and the consistency of the device with the user, extending the session and reducing friction, without relying on SMS.

NIST CSF 2.0

Cybersecurity framework

We generate risk decisions (allow, challenge, block) and audit-ready records that support the govern, identify, protect, detect and respond functions.

OWASP Mobile Top 10 + NIST IR 8259

App and device security

Anonymous identity, minimal data collection, possession and proximity signals and blocks with an expiration window reduce data exposure and strengthen access control.

ISO/IEC 27001 + 27701 + 27018

Management, privacy and cloud data

Versioned policies, minimal data collection, auditable hosting and incident trails support security, privacy and the protection of personal data in the cloud.

Privacy & data protection

Privacy by design: a core principle, not an add-on.

Sonarprint was built to generate trust without knowing who the data subject is. Less invasive than traditional solutions and more trustworthy for both the user and the institution.

Anonymization at the source

The device identifier becomes an internal code. The key to reverse that code is never accessible to Group Link One, so we don't know who the data subject is.

Location without exposure

The exact location is never shared. The data is organized only by region.

End-to-end encryption

Communication between the app and our infrastructure is encrypted, and the stored data is also protected with strong encryption.

Minimal retention and remote shutdown

We keep data only for as long as necessary. And we can stop collection instantly, remotely, without needing to update the app.

Sonarprint

  • No biometric data, national ID number or sensitive data collected.
  • Decision based on the device pattern, without revealing the person's identity.
  • Anonymization and region-level data are part of the architecture, not a setting.

Traditional competitors

  • They require face, voice or documents at large scale.
  • Sensitive data passing through several layers of partners.

Regulatory compliance

A solid, auditable legal basis.

Valid legal basis

Legitimate interest (art. 7, IX, of the LGPD), with a documented Legitimate Interest Assessment (LIA).

Impact assessment ready

Data Protection Impact Assessment (DPIA), under art. 38 of the LGPD, covering all data processed.

Designated officer

A formally appointed Data Protection Officer (DPO), with a channel always open to the data subject.

Partner contracts

Specific data protection clauses, with no use of registration data and with transparency guaranteed to the data subject.

Data subject channel: dpo@grouplinkone.com

Security posture

Security that's auditable, not just declared.

The architecture follows defense in depth and privacy by design, with a documented threat model and recurring penetration testing. The controls are exposed live in our Trust Center, updated as each one is verified.

Alinhado a

  • NIST CSF 2.0
  • NIST SP 800-63B
  • OWASP Mobile
  • ISO/IEC 27001
  • ISO/IEC 27701
  • LGPD

Monitoramento contínuo de controles, evidências de auditoria e relatório de teste de invasão disponível mediante NDA.

Use cases

Where the Trust Decision becomes real protection.

Less friction for the user and more evidence for the institution, without changing your flows. The layer simply wraps each step with a trust check.

01

Access to sensitive data

Protect the user's most delicate information. At entry, the layer confirms the device; before the sensitive action, it cross-references identity, address and time and requests a verification when something falls outside the routine.

02

Credential issuance and renewal

Flows involving photos, documents and payment are fraud targets. Proximity confirms that the person and the device are in the same place, and a new device triggers verification before the critical steps.

03

High-value transactions

Operations with two parties and assets at stake. The layer confirms identity at the start, brings the parties closer and detects abuse at scale, such as the same device used across many transactions.

04

Web login without SMS

On the web, a QR Code scanned by the app confirms the device's possession and proximity. A known, nearby device skips MFA; an unknown or distant one triggers the partner's extra verification. Goodbye to the cost and fragility of SMS.

From kickoff to production in 30 days.

Implementation on any platform and with full privacy: data organized by region, anonymization on the device itself, no continuous tracking and with ready-made consent templates.

<1MB

App size

<2%

Battery usage

1h

Integration time

Fast implementation

  1. 01

    Kickoff

    Technical conversation, credentials and first points of interest.

  2. 02

    Integration

    1 hour, with a lightweight SDK (under 1 MB).

  3. 03

    Homologation

    Tests in a test environment.

  4. 04

    Go live

    In production within 30 days.

Come with us

The next leap in security comes from the physical world.

Sonarprint turns everyday interactions into continuous signals of trust. Less friction for the user and more evidence for your institution.