High-demand ticket sales and flash-sale events present a difficult engineering challenge. Platforms must reduce the impact of increasingly sophisticated automated traffic while keeping the purchasing experience smooth for legitimate customers.

Over the years, the industry has adopted multiple complementary defenses, including Web Application Firewalls (WAFs), rate limiting, behavioral analysis, CAPTCHAs, and fraud detection systems. Each contributes to protecting different parts of the attack surface.

At EMKAY LABS, we wanted to explore another architectural layer.

Rather than relying exclusively on browser behavior or network characteristics, RealNode introduces hardware-backed cryptographic verification during security-sensitive transactions using the WebAuthn and FIDO2 standards.

Instead of replacing existing defenses, the protocol is designed to complement them.

A Different Architectural Assumption

Modern browsers already provide access to hardware-backed authenticators through WebAuthn.

When available, these authenticators can generate cryptographic assertions proving that a registered device authorized a protected operation without exposing private keys or biometric information.

RealNode builds on this capability.

Instead of asking only "Does this request look legitimate?", the protocol can also ask "Can this protected action be backed by a valid cryptographic proof?"

Depending on the platform's security requirements, operators can enable different levels of verification.

Three Operational Modes

Rather than enforcing the same policy everywhere, RealNode provides three operating modes that correspond to different threat levels.

Browser
      │
      ▼
Behavior Analysis
      │
      ▼
Threat Level
      │
      ├──────── Insight → Observe
      │
      ├──────── Sentinel → Challenge if needed
      │
      └──────── Vault → Always require WebAuthn
      │
      ▼
Backend Verification
      │
      ▼
Protected Transaction

RN Insight

Not every platform requires active enforcement.

RN Insight focuses on visibility. It passively analyzes traffic characteristics and execution signals to help operators better understand how requests reach protected endpoints.

No users are interrupted, and no additional verification is required. The goal is simply to provide actionable insight before stronger protection is considered.

RN Sentinel

For platforms experiencing recurring automated traffic, RN Sentinel introduces adaptive verification.

Traffic continues to flow normally unless behavioral signals indicate an anomaly. In those situations, the platform can request a WebAuthn verification before allowing the protected action to continue.

For legitimate users, this typically corresponds to the same biometric gesture they already use to unlock their device.

The objective is to introduce additional verification only when it is likely to be useful.

RN Vault

Some events leave very little room for ambiguity.

Flash sales, limited inventory releases, or high-profile ticket launches may require stronger guarantees.

RN Vault requires hardware-backed verification for every protected transaction.

Each protected action must be accompanied by a valid cryptographic assertion generated by the user's registered authenticator before the request proceeds.

Rather than relying solely on behavioral confidence scores, the decision can also incorporate verifiable cryptographic evidence produced by the user's device.

Designed for Integration

One of the goals behind RealNode was to keep integration straightforward.

The frontend SDK can be added with only a few lines of code, while the backend verifies the cryptographic proof before completing protected operations.

The SDK is compatible with modern JavaScript frameworks and server-side rendering environments.

To reduce operational risk, the platform also includes configurable fail-open and fail-closed behaviors, allowing operators to choose the availability model that best matches their deployment requirements.

Looking Forward

Hardware-backed authentication has become widely available across modern browsers and operating systems.

While technologies such as WAFs, behavioral analysis, and CAPTCHAs continue to play an important role, cryptographic verification provides another architectural building block for protecting security-sensitive workflows.

RealNode is our exploration of how these standards can be applied beyond authentication and into high-demand transactional systems.

We're always interested in feedback from developers, security engineers, and platform architects exploring similar challenges.