DeviceKey: the device's identity
A unique, stable identity that the app creates for each device, independent of who is logged in. It survives logout, reinstallation and SIM swap, without exposing sensitive device identifiers or personal data.
Sonarprint is a trust layer that assesses the risk of every access in real time and returns a continuous, explainable Trust Decision. Your MFA stays in place and now steps in at the right moment, without bothering legitimate users. Fewer challenges for the good user, more of a barrier for the fraudster.
Why Sonarprint?
Passwords, SMS codes and biometrics confirm who the user claims to be, but passwords leak, get shared and get bypassed. Sonarprint adds something the fraudster cannot imitate: the presence of the right device, in the right place, at the right time.
By combining a collaborative network, location intelligence and behavioral patterns, the trust layer turns the physical world into continuous proof of trust, without exposing personal data. The practical result: the good user passes through with no friction and your MFA only shows up when it truly makes a difference.
We don't talk about binary authentication. We talk about risk, continuity and trust.
The premise of Sonarprint
Instead of a yes or no at login, Sonarprint tracks the risk of every interaction and returns a clear recommendation to your team. It's continuous trust based on signals of proximity, context and behavior — without biometrics and without personal data.
The trust layer
DeviceKey, in-app identity and context signals combine into a single decision: continuous, explainable and adjustable by policy. Behind each pillar, the layer evaluates countless signals.
A unique, stable identity that the app creates for each device, independent of who is logged in. It survives logout, reinstallation and SIM swap, without exposing sensitive device identifiers or personal data.
Daytime and nighttime address, presence of nearby devices and impossible travel. Everything organized by region, never as an exact coordinate.
An anonymous code for the already-authenticated user, which the partner sends and we link to the DeviceKey to enrich the analysis, without revealing who they are.
The final decision — allow, challenge or block — continuous and explainable, with risk alerts and the signals that back it.
What the layer observes
Sonarprint doesn't decide based on a single data point. It combines countless signals, from what surrounds the user to the environment of the app and the device itself, to measure trust continuously, without asking anything of the good user.
Trusted devices and points nearby, co-location and physical presence that confirm possession at the moment of access.
Daytime and nighttime address, impossible travel and routine anomalies, always by region and never as an exact coordinate.
App integrity, signs of tampering, emulators and automation, plus usage patterns within the app itself.
Stable device characteristics, root/jailbreak, risky settings and the consistency of these signals over time.
The DeviceKey, a unique, stable identity that survives logout, reinstallation and SIM swap.
Rhythm, habits and interaction patterns over time, which the fraudster cannot replicate at scale.
None of these signals expose personal data, exact location or biometrics. They are post-processed and combined into a single Trust Decision, explainable and auditable.
01
Proximity, possession and device-environment signals, read lightly and without weighing down the device.
02
It cross-references trusted proximity points and organizes context by region, without using exact location.
03
Daytime and nighttime address, the consistency of habits and routine anomalies become signals for each device.
04
The result is the Trust Decision: allow, challenge or block that interaction.
How the layer decides
The Sonarprint layer fits into your flows without requiring any structural change. It follows the context, assesses the risk and guides the access decision. It doesn't replace your MFA: it avoids triggering it when trust is high and reinforces it exactly when a risk signal appears. Fewer challenges for the good user, more of a barrier for the rest.
Known device, recognized user and location consistent with the routine. The flow proceeds with no friction.
Ambiguous signals, such as a new device, travel or something out of the routine. The action is routed to the partner's own MFA.
An already-blocked device, an identity used in many places or a clear fraud pattern. The action is refused and recorded.
Every decision is recorded (device, identity, signals and action), ready for auditing in the partner's systems.
Trust Decision configuration
The Trust Decision isn't a black box of ours: the rules are defined by you. Every decision is guided by policies that your team builds, versions and audits, in the visual editor or as a versioned policy. You combine the criteria, choose the action for each band and decide exactly when your MFA steps in, with no code.
In the visual builder you drag and combine criteria for each action. An example of a customer's configuration:
When ALL are true
When ANY is true
When ANY is true
The criteria are built by the customer: visually, in the editor, or as a versioned policy in the repository. You define what counts as trusted, ambiguous or risky.
Known device, recognized user and context consistent with the routine. Access proceeds with no friction and no challenge.
Ambiguous signals, such as a new device or something out of the routine. The layer triggers the partner's MFA or a light step-up, only here.
A clear risk pattern or an already-blocked device. Access is refused and the decision is recorded for auditing.
Observability & SIEM
Every Trust Decision generates a structured, auditable event, exported in real time to your SIEM. No black box: you see the signal, the rule that matched and the action taken, ready for correlation, alerting and auditing.
Each decision comes out as JSON (or CEF) with device_key, user_ref, flow, decision, the rule that matched, the signals and the policy_id.
Delivery via webhook, syslog or native connector, with batch export for reprocessing and backfill.
Normalized fields to build dashboards, correlate with other sources and create alert rules in your SIEM.
Configurable retention and immutable records, aligned with LGPD and ISO/IEC 27001, ready for the auditor.
Splunk, Elastic, Microsoft Sentinel, Datadog, IBM QRadar and Google Chronicle, among others.
The logs carry no personal data or exact location: only post-processed signals and anonymous identifiers.
Exclusive differentiators
Where the trust layer goes beyond ordinary device recognition and MFA used on its own.
| Capability | Sonarprint | Ordinary recognition | MFA alone |
|---|---|---|---|
| Still valid after reset, reinstallation and SIM swap | ✓ | Partial | ✕ |
| Proof of possession and physical proximity | ✓ | ✕ | Partial |
| Detects impossible travel and routine anomalies | ✓ | ✕ | ✕ |
| Continuous decision, in milliseconds | ✓ | Partial | ✕ |
| Explainable and auditable Trust Decision | ✓ | ✕ | ✕ |
| No personal data, no exact location, no biometrics | ✓ | Partial | ✕ |
| Friction for the good user | Low | Medium | High |
Technical frameworks
Each part of the layer relies on a standard already consolidated by NIST, OWASP and ISO. It's not just a proprietary solution: it's practice aligned with the state of the art.
Defines authentication assurance levels. We reinforce MFA by constantly confirming possession, proximity and the consistency of the device with the user, extending the session and reducing friction, without relying on SMS.
We generate risk decisions (allow, challenge, block) and audit-ready records that support the govern, identify, protect, detect and respond functions.
Anonymous identity, minimal data collection, possession and proximity signals and blocks with an expiration window reduce data exposure and strengthen access control.
Versioned policies, minimal data collection, auditable hosting and incident trails support security, privacy and the protection of personal data in the cloud.
Privacy & data protection
Sonarprint was built to generate trust without knowing who the data subject is. Less invasive than traditional solutions and more trustworthy for both the user and the institution.
The device identifier becomes an internal code. The key to reverse that code is never accessible to Group Link One, so we don't know who the data subject is.
The exact location is never shared. The data is organized only by region.
Communication between the app and our infrastructure is encrypted, and the stored data is also protected with strong encryption.
We keep data only for as long as necessary. And we can stop collection instantly, remotely, without needing to update the app.
Regulatory compliance
Legitimate interest (art. 7, IX, of the LGPD), with a documented Legitimate Interest Assessment (LIA).
Data Protection Impact Assessment (DPIA), under art. 38 of the LGPD, covering all data processed.
A formally appointed Data Protection Officer (DPO), with a channel always open to the data subject.
Specific data protection clauses, with no use of registration data and with transparency guaranteed to the data subject.
Security posture
The architecture follows defense in depth and privacy by design, with a documented threat model and recurring penetration testing. The controls are exposed live in our Trust Center, updated as each one is verified.
Alinhado a
Monitoramento contínuo de controles, evidências de auditoria e relatório de teste de invasão disponível mediante NDA.
Use cases
Less friction for the user and more evidence for the institution, without changing your flows. The layer simply wraps each step with a trust check.
Protect the user's most delicate information. At entry, the layer confirms the device; before the sensitive action, it cross-references identity, address and time and requests a verification when something falls outside the routine.
Flows involving photos, documents and payment are fraud targets. Proximity confirms that the person and the device are in the same place, and a new device triggers verification before the critical steps.
Operations with two parties and assets at stake. The layer confirms identity at the start, brings the parties closer and detects abuse at scale, such as the same device used across many transactions.
On the web, a QR Code scanned by the app confirms the device's possession and proximity. A known, nearby device skips MFA; an unknown or distant one triggers the partner's extra verification. Goodbye to the cost and fragility of SMS.
Implementation on any platform and with full privacy: data organized by region, anonymization on the device itself, no continuous tracking and with ready-made consent templates.
<1MB
App size
<2%
Battery usage
1h
Integration time
01
Technical conversation, credentials and first points of interest.
02
1 hour, with a lightweight SDK (under 1 MB).
03
Tests in a test environment.
04
In production within 30 days.
Come with us
Sonarprint turns everyday interactions into continuous signals of trust. Less friction for the user and more evidence for your institution.