How does Kopernio store and protect institutional credentials? – Kopernio

Kopernio streamlines access to your library's subscription journals. To do this, Kopernio facilitates the authentication process by connecting you directly to your institution's authentication webpage. Your credentials are never sent to Kopernio and never leave your browser other than to be submitted to the verified institutional authentication service.
After the first successful authentication, your credentials are encrypted and stored in your local browser cache so they can be automatically resubmitted to the authentication platform when a new session begins. If you do not wish to store your credentials, you can disable this feature via the settings menu.

The diagrams below show how your credentials are stored and secured during the authentication process.

First Authentication

1. When you hit a paywall, Kopernio can detect that you have no access. It triggers an authentication attempt by loading your Institution’s Authentication Page.

2. Submit your credentials to the Institution’s Authentication Page.

3. The Institution’s Authentication Page verifies your authentication attempt.

4. The Kopernio Plugin encrypts your credentials and stores the result in your browser cache.

Subsequent Authentications

1. The Kopernio Plugin detects that you are attempting to access subscription content via your browser.

2. The Kopernio Plugin retrieves and decrypts your stored credentials from the local browser cache and submits them to the Institution’s Authentication Page automatically.

3. The Institution’s Authentication Page verifies your authentication attempt.

---------------------

NOTE: In both cases, your credentials are never transmitted to the Kopernio servers. Credentials do not leave your browser other than to be sent to your Institution’s Authentication Page.

First Authentication

Subsequent Authentications

Related articles