When a user logs in with a mobile device to a wireless network controlled by a Communications Service Provider (CSP), a network Home Agent (HA) or, depending on the network, some other entity such as a Network Access Server (NAS) authenticates the user. The user is assigned an Internet Protocol (IP) address which is valid for the duration of the mobile IP session. Thereafter, the HA sends an accounting message to a server configured to perform accounting services in relation to the mobile IP session. Such accounting services include tracking the consumption of resources so as to provide information for management, planning, billing, or other purposes. Typically, the accounting message is sent as a User Datagram Protocol (UDP) packet and contains the mobile IP address and user and device identification information. A common protocol used to send the accounting message is the Remote Authentication Dial In User Service (RADIUS) protocol. The information contained in the accounting message is stored as a mapping within the server (hereinafter referred to as the mapping server). When other entities, such as a gateway or proxy server which bridges communications between the wireless network controlled by the HA and a remote network, for example the Internet, receive a request from the mobile device, the mobile IP address contained in the request is used as a key to request, from the mapping server, the device and user identification information mapped to that mobile IP address. When the user logs out, or the mobile session is terminated for any other reason, the HA sends a stop accounting message to the mapping server requesting the mapping server to remove the mapping associated with the mobile IP address.
As mentioned above, the accounting messages are UDP messages. The UDP protocol is inherently unreliable since no acknowledgement is required for each data packet that is sent and there is no checking and correction mechanism to deal with losses of data packets. Typically, the HA sends out the stop accounting message to the mapping server and waits for a predetermined amount of time for an acknowledgement message from the mapping server. If no acknowledgement message is received, the HA may be configured to resend the stop accounting message. However, the resent stop accounting message is also not guaranteed to be received. Further, the HA is configured to resend the message only a limited number of times, after which it simply gives up.
Thus, it is possible that the stop accounting message may not reach the mapping server. As a result, an invalid mapping of the mobile IP address to the device identification information and to the user identification information may continue to exist in the mapping server, even after the user has terminated the session and the HA has allocated the mobile IP address to another user. Should this happen, and a mobile device which has been allocated the same mobile IP address make a request to the proxy or gateway server, the proxy or gateway server will be able to obtain the user and device identification information that was previously mapped to the mobile IP address in order to authenticate the request. Thus, the current user will have the permissions of the previous user and will be able to access or modify data belonging to the previous user, which compromises network security.
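The failure mode described above can be reproduced in a small model. This is an added example, not part of the original text: the class and function names, the retry limit of three, the IP address and the user and device names are all constructed, and it assumes the gateway lookup happens before any new accounting message for the second user has been recorded.

```python
# Added illustration (constructed names and values): a stale IP-to-identity
# mapping survives when every copy of the stop accounting message is lost.
from dataclasses import dataclass, field

@dataclass
class MappingServer:
    table: dict = field(default_factory=dict)  # mobile IP -> (user, device)

    def handle(self, msg):
        kind, ip, user, device = msg
        if kind == "start":
            self.table[ip] = (user, device)
        elif kind == "stop":
            self.table.pop(ip, None)
        return "ack"

    def lookup(self, ip):
        # Query made by the gateway or proxy, keyed on the mobile IP address.
        return self.table.get(ip)

class LossyLink:
    """UDP-like link: datagrams whose sequence number is in `drop` vanish."""
    def __init__(self, server, drop):
        self.server, self.drop, self.seq = server, set(drop), 0

    def send(self, msg):
        self.seq += 1
        if self.seq in self.drop:
            return None  # lost in transit; the sender only sees a timeout
        return self.server.handle(msg)

def ha_send(link, msg, max_tries=3):
    """HA behaviour from the text: resend on a missing ack, then give up."""
    for _ in range(max_tries):
        if link.send(msg) == "ack":
            return True
    return False

def run_scenario(drop):
    """Return (stop_delivered, identity the gateway sees for the reused IP)."""
    server = MappingServer()
    link = LossyLink(server, drop)
    ip = "10.0.0.7"  # constructed address
    ha_send(link, ("start", ip, "alice", "device-A"))           # datagram 1
    stop_ok = ha_send(link, ("stop", ip, "alice", "device-A"))  # datagrams 2..4
    # The HA now reallocates `ip` to a second user. Assumption: the gateway
    # query arrives before any accounting message for that user is recorded.
    return stop_ok, server.lookup(ip)

if __name__ == "__main__":
    print(run_scenario(drop={2, 3, 4}))  # all stop attempts lost
    print(run_scenario(drop={2}))        # one loss, the retry succeeds
```

With all three stop attempts dropped, the lookup for the reallocated address still returns the first user's identity; when a single retry gets through, the mapping is gone and the lookup returns nothing.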