When a user of a mobile device (or indeed any client device for that matter, whether or not mobile/wireless) uses the device to send a content request via a network to a content server, the device may conventionally pull from its cache an indication of the user's ID and password. The device may then automatically provide those parameters, together with a device ID, in the content request to the content server. Because the user may have previously entered the user ID and password into the device and the device may have cached those values, the device may pull and send this information in the background, without the user needing to actively enter the user ID and password each time content is requested. The cached values may be specific to the content server/URL at issue or may be more general.
With a mobile device, the user ID may be a Network Access Identifier (NAI), typically assigned to the mobile device in association with the user's mobile service plan. An NAI may take the form username@domain, such as johnqpublic@sprint.com for instance. The device ID may be an ID that uniquely identifies the mobile device, such as an Electronic Serial Number (ESN).
A problem with this general arrangement is that a device may change hands from one user to another and thus from one user account to another. When a device switches to a new user account, a different username (e.g., NAI) would likely be associated with the new account. However, there is still a chance that the device may bear in its cache the old account's (old user's) user ID and password. Consequently, when the device sends a content request, the device may automatically include within the content request the old user ID and password (together with the device ID), unbeknownst to the new user (or perhaps even with the knowledge of the new user). Unfortunately, the content server that receives such a request is unlikely to know that the user ID and password are not those of the current user/account. Thus, the content server may grant access to the requested content or other network resources in response to the provided user ID and password. This result is undesirable. The present invention provides a solution to help overcome this problem.