Abstract: Features for providing a secure method of symmetric encryption for private smart contacts among multiple parties in a private peer-to-peer network. The features include a master key representing a unique blockchain ledger. The master key may be shared among multiple participants in a private peer-to-peer network. Sharing of the master key may include communicating the master key in an encrypted message (e.g., email) using public key infrastructure (PKI). In some implementations, more complex distribution features may be includes such as quantum entanglement. The features support instantiation of a smart contract using a specific master key. The request may be submitted as an entry to the ledger with appropriate metadata and/or payload information for identifying and processing the request.

Abstract: Systems, apparatuses, and methods are described for determining, based on blockchain, integrity of software and/or data stored on a vehicle. A computing device associated with a vehicle may determine one or more hash values for software and/or data stored on the vehicle. The computing device may receive values from read-only memory associated with the computing device and/or values from a blockchain of a distributed ledger system. The computing device may determine the integrity of the software and/or data based on the one or more hash values, the values from the read-only memory, and/or the values from the blockchain.

Abstract: Certain exemplary embodiments relate to techniques for processing PIN-inclusive transactions in connection with an electronic device or terminal, e.g., where PIN code encryption keys are not necessarily stored on the electronic device or terminal, and/or where payment instrument data is maintained in a separate system from PIN code data at least until certain elements are combined in a highly secure system for submission to an electronic funds transfer network. One or more separate or physically separated systems may be used in this regard, e.g., taking advantage of more prevalent computer networks such as the Internet. Similarly, the ability to provide less expensive terminals or electronic devices at a point-of-sale, point-of-purchase, etc., may be advantageous. The interchange rate is not necessarily driven up in certain example instances.

Abstract: A delegation request is submitted to a session-based authentication service, fulfillment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.

Abstract: A method performed by a client application executing on a client computing device is disclosed. The method includes generating a private key and a public key corresponding to the client application. The method also includes transmitting the public key to a middleware application executing on a middleware computing device, a server application executing on a server computing device, or both. The client application and the server application are engaged in a trusted relationship. The method also includes receiving, at the client application, a request to perform an operation on an encrypted content that is stored at the middleware computing device and that is encrypted with the public key by the middleware application or the server application, decrypting the encrypted content using the private key to generate a decrypted content, and presenting the decrypted content on a display screen of the client computing device.

Abstract: A system for generating a blockchain comprises first circuitry for receiving a first group of data. Blockchain processing circuitry generates a blockchain for a plurality of groups of data. The blockchain processing circuitry generates the blockchain by generating a first nonce for a first block of the blockchain. The blockchain processing circuitry performs a first hash using the first group of data and the first nonce as an input to a hash function to generate a first digital signature for the first block as an output. The hash function uses encryption based on quantum key distribution using N-state qudits where N is greater than 2. The block chain processing circuitry receives a second group of data and generates a second nonce for a second block of the blockchain. A second hash is performed using the second group of data, the second nonce and the first digital signature to generate a second digital signature for the second block as an output.

Abstract: A system and method for utilizing connected devices to enable secure and anonymous electronic interaction in a decentralized manner without the need for usernames and passwords. The method comprises Blockchain, Merkle Trees and Public Key infrastructures and methods that utilize peer-to-peer network protocols. The methods include interactions of two self-sovereign identity groups; persons and devices, with each having their own authorization layer. The devices employ two domains of identity and authorization with each said device having its own self-assigned machine identity. There are three domains of Identity, Authentication and Authorization employed for persons. The final linking of the two groups requires access to be granted by the device in a distributed autonomous manner.

Abstract: The present disclosure relates to a method for processing data in a database engine. The method includes storing a first instance of a first table in the database engine in plaintext. Encryption information about encryption methods and encryption keys of at least one predefined column of the first table may be maintained. In response to data changes in the column, first log entries for the data changes may be written in plaintext. The data changes may be encrypted by an encryption component using the encryption information. This results in encrypted data changes. Second log entries for the encrypted data changes may be written and applied to a second instance of the first table. The second instance of the first table is stored at a further database engine.

Abstract: A first interface is transmitted from the server computer system to a user computer system, the first interface having a field for entering a mobile telephone number. A mobile phone number entered into the field for the mobile phone number is received from the user computer system at the server computer system. A password is generated and transmitting from the server computer system to a mobile device having a mobile phone number corresponding to the mobile phone number received from the user computer system and a second interface is transmitted from the server computer system to the user computer system, the second interface including a field for entering the password. A follow-up message is transmitted from the server computer system to the mobile device if the password is not received from the user computer system at the server computer system within a predetermined period of time.

Abstract: A social networking system determines whether targeting criteria for an advertisement includes one or more sensitive criteria. The advertisement's targeting criteria is compared to one or more keywords or parameters associated with sensitive topics, such as sexual orientation, religious affiliation, political affiliation, or health status. If the targeting criteria matches one or more keywords or parameters associated with a sensitive topic, the social networking system determines that the targeting criteria includes sensitive criteria and prevents recordation of information regarding a viewing user's exposure to the advertisement.

Abstract: System and method for managing leaf nodes of a B-tree for a file system of a computer system utilize used slots in a directory section of a leaf node to index variable size key-value pair entries stored in a data section of the leaf node and free spaces slots in the directory section to index contiguous free spaces in the data section. Contents of the free space slots in the directory section are updated in response to changes in the contiguous free spaces in the data section to manage free space in the data section of the leaf node.

Abstract: Systems, methods, and computer readable media for staging a corpus of electronic communication documents for analysis, such as, for example, via a content analysis platform. The staging may include a staging platform accessing the corpus of electronic communication document. For each electronic communication document within the corpus, the staging platform may generate a fingerprint based upon the output of a hash function executed upon a set of characteristics corresponding to each segment within the electronic communication document. The staging platform may analyze the generated fingerprints to generated a plurality of threaded conversations that do not include electronic communication documents that fail to convey any new information. The systems and methods may also include detecting and flagging any segments within an electronic communication document that may have been mutated by its author.

Abstract: The present disclosure relates to a method for processing data in a database engine. The method includes storing a first instance of a first table in the database engine in plaintext. Encryption information about encryption methods and encryption keys of at least one predefined column of the first table may be maintained. In response to data changes in the column, first log entries for the data changes may be written in plaintext. The data changes may be encrypted by an encryption component using the encryption information. This results in encrypted data changes. Second log entries for the encrypted data changes may be written and applied to a second instance of the first table. The second instance of the first table is stored at a further database engine.

Abstract: A secure storage device is connected to a computer system. The secure storage device has a memory including a domain and a subdomain storing first and second data, respectively. The computer system includes a first level hypervisor managing a first level virtual machine, which supports a first operating system, and a second level hypervisor. The second level hypervisor manages a second level virtual machine, which supports a second level operating system. A first authentication process for the first level operating system uses first profile data sent by the computer system and a portion of the first data. A second authentication process for the second level operating system uses second profile data sent by the computer system and a portion of the second data. The first data is not accessible by the second level operating system. The second data is not accessible by the first level operating system.

Abstract: A computer-implemented data transmission method and system are provided. A first transformed password (PWD) is acquired from the first node, wherein the first transformed PWD is derived from an original PWD. An encrypted message is acquired from the first node, the encrypted message being encrypted with a public key of the first node. A private key of the first node is recovered according to the first transformed PWD, the private key having been encrypted with the first transformed PWD and stored in the second node in advance. The encrypted message is decrypted with the recovered private key to obtain a decrypted message for processing.

Abstract: A method, apparatus, and computer program are disclosed. The method may be performed by one or more processors and may comprise receiving an indication of a request from a client device. The request is for establishing an access session to perform one or more actions on data of a data processing platform and includes a client identifier. The method may also comprise establishing a challenge session associated with the request. The challenge session indicates one or more challenges required of a user associated with the client identifier to successfully respond to in order to establish the requested access session.

Abstract: Embodiments provide a user equipment (UE) device that includes a processor and a transceiver. The processor is configured to direct a handover request to an evolved packet core (EPC) access node via the transceiver. The access node may be, e.g. a wireless local area network (WLAN) access point or an E-UTRAN access point. The handover request may initiate a transfer of connectivity of the UE device from the WLAN access point to the E-UTRAN access point, or from the E-UTRAN access point to the WLAN access point. The processor is configured to receive a handover response from the current access node, wherein the response includes a cryptographic key identifier, and to derive a handover key from the key identifier. The processor may then operate the UE device to provide connectivity based on the handover key between the UE device and the other of the access nodes.

Abstract: A single sign-on is implemented in an online transaction processing system. A security token extracted from a transaction request is received. The security token is validated and, in response to a positive validation, security information is extracted. The security information is processed to validate the transaction request and a set of validation attributes is generated. The set of validation attributes is stored in a read-only data object. A transaction server is notified of the read-only data object to authorize processing of the transaction request by the transaction server.

Abstract: An information processing apparatus connected with one or more apparatuses through a network, comprises: a first acquiring unit configured to acquire first address information for indicating one of addresses in the network among addresses of the apparatuses and first apparatus specific information for identifying the apparatuses; a second acquiring unit configured to acquire second apparatus specific information for identifying an apparatus indicated by the first address information acquired by the first acquiring unit; a determining unit configured to determine whether the first apparatus specific information acquired by the first acquiring unit is the same as the second apparatus specific information acquired by the second acquiring unit or not; and a process requesting unit configured to request the apparatus indicated by the first address information to perform a certain process upon the determining unit determining the first apparatus specific information to be the same as the second apparatus specific i

Abstract: An example method performed by one or more processing devices includes: generating encrypted content at a sender device using one or more first keys that are available from a key provider; and outputting the encrypted content to a recipient device over one or more channels; where the key provider enables access, following authorization, by the recipient device to one or more second keys for decrypting the encrypted content; and where an entity that enables the channel is unaffiliated with the key provider.

Abstract: Systems, methods, and computer-readable media for creating service chains for inter-cloud traffic. In some examples, a system receives domain name system (DNS) queries associated with cloud domains and collects DNS information associated the cloud domains. The system spoofs DNS entries defining a subset of IPs for each cloud domain. Based on the spoofed DNS entries, the system creates IP-to-domain mappings associating each cloud domain with a respective IP from the subset of IPs. Based on the IP-to-domain mappings, the system programs different service chains for traffic between a private network and respective cloud domains. The system routes, through the respective service chain, traffic having a source associated with the private network and a destination matching the IP in the respective IP-to-domain mapping.

Abstract: The invention relates to a computer-implemented method for user authentication using a cryptographically secured register. An authentication request for authenticating the user is received. The user is authenticated using a root identity of the user. A successful authentication requires receiving a credential assigned to a root identifier of the root identity of the user. An authentication context of the requested authentication is identified. One of the one or more delegated identities assigned to the root identity of the user and assigned to the identified authentication context is identified. In response to a successful authentication of the user, an authentication token is issued confirming the successful user authentication and identifying the successfully authenticated user by the delegated identifier of the identified delegated identity.

Abstract: A method for providing a multi-service platform to entities includes the storage of profiles for a plurality of entities involved in services with other entities, including point to point and business to business transactions, including entities not registered, that can be claimed by each entity, where each entity can provide for roles and hierarchies of authorized users of the platform for that entity, and where the platform is configured to provide, among other services, registration of procurement status for purchase orders in a digital ledger that provides for auditability and immutability.

Abstract: Systems and methods for end to end encryption are provided. In example embodiments, a computer accesses an image including a geometric shape. The computer determines that the accessed image includes a candidate shape inside the geometric shape. The computer determines, using the candidate shape, an orientation of the geometric shape. The computer determines a public key of a communication partner device by decoding, based on the determined orientation, data encoded within the geometric shape. The computer receives a message. The computer verifies, based on the public key of the communication partner device, whether the message is from the communication partner device. The computer provides an output including the message and an indication of the communication partner device if the message is verified to be from the communication partner device. The computer provides an output indicating an error if the message is not verified to be from the communication partner device.

Abstract: The present disclosure relates to techniques for enforcing privacy rights in digital images. An example method generally includes receiving a image-hash as part of a wireless communications protocol where the image-hash comprises a collection of data representing an individual face. Analyzing a digital image using the image-hash to identify a matching face where the collection of data from the image-hash is used to initialize an identification algorithm. The identification algorithm is configured to return a positive identification when the individual face is present in the digital image, and editing the digital image to obscure the individual face when a positive identification is returned.

Abstract: The present application describes a computer-implemented device on a network including a non-transitory memory having instructions stored thereon for registering a node with a router on the network. The device also includes a processor, operably coupled to the non-transitory memory, configured to execute the instructions of receiving, from the node over the network, a solicitation with context information including a registration start time request. The processor is also configured to execute the instructions of evaluating, at the router, whether to accept the solicitation based upon neighbor space and the received start time request. The processor is even further configured to execute the instructions of sending, to the node, an advertisement including an approved registration start time based upon the determining step.

Abstract: Embodiments provide a system and method for stateless session synchronization between inspectors for high availability deployments. Man in the Middle inspectors of a communication session between a client and server exchange a shared key that is used as a common seed value in a mapping function algorithm. Each inspector generates identical key-pairs using the common mapping function algorithm, and the inspectors generate the session keys from the key-pairs. Inspectors use the session keys to decrypt and either actively or passively inspect data transferred in a session between a client and server.

Abstract: A set of servers can support secure and efficient “Machine to Machine” communications using an application interface and a module controller. The set of servers can record data for a plurality of modules in a shared module database. The set of servers can (i) access the Internet to communicate with a module using a module identity, (i) receive server instructions, and (iii) send module instructions. Data can be encrypted and decrypted using a set of cryptographic algorithms and a set of cryptographic parameters. The set of servers can (i) receive a module public key with a module identity, (ii) authenticate the module public key, and (iii) receive a subsequent series of module public keys derived by the module with a module identity. The application interface can use a first server private key and the module controller can use a second server private key.

Abstract: A method and apparatus provides for user authentication. In an example, the method and apparatus includes establishing a very short range wireless communication link between the first apparatus and the second apparatus and authenticating a user of the first apparatus by the second apparatus directly using a different and short range peer to peer wireless communication link between the first apparatus and the second apparatus in response to establishing the very short range wireless communication link.

Abstract: Aspects of security schemes (e.g., integrity protection, encryption, or both) are described. A measure of access stratum security can be realized without overhead associated with establishing and/or maintaining the per-cellular-device access stratum security context at a Cellular Internet of Things (CIoT) base station (C-BS). A gateway (e.g., a CIoT Serving Gateway Node (C-SGN)) may derive a first key. The first key may be only known to the C-SGN. The C-SGN may derive a second key from the first key and a parameter unique to the C-BS. The C-SGN may also derive a third key from the second key and an identity of a cellular device. The C-SGN may send the second and third keys to the C-BS and cellular device, respectively. Small data messages encrypted and/or integrity protected by the cellular device may be decrypted and/or verified by the C-BS.

Abstract: The present disclosure relates to a pre-5th-Generation (5G) or 5G communication system to be provided for supporting higher data rates beyond 4th-Generation (4G) communication system such as Long Term Evolution (LTE). A method for downloading profiles in a terminal in a wireless communication system include generating and storing an encryption key at a time point, loading the stored encryption key, when receiving profile download start information from a profile providing server, and downloading an encrypted profile for the electronic device from the profile providing server, via the loaded encryption key, and installing the encrypted profile in the electronic device.

Abstract: The invention relates to a computer-implemented method for user authentication using a cryptographically secured register. An authentication request for authenticating the user is received. The user is authenticated using a root identity of the user. A successful authentication requires receiving a credential assigned to a root identifier of the root identity of the user. An authentication context of the requested authentication is identified. One of the one or more delegated identities assigned to the root identity of the user and assigned to the identified authentication context is identified. In response to a successful authentication of the user, an authentication token is issued confirming the successful user authentication and identifying the successfully authenticated user by the delegated identifier of the identified delegated identity.

Abstract: In order to ensure that a Subscription Concealed Identifier, SUCI, is calculated in the Universal Subscriber Identity Module, USIM, part of a User Equipment, UE, when intended, when a SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, a network node sets proprietary information, which is not known to a Mobile Equipment, ME, part of the UE, as required for calculation of the SUCI. The USIM facilitates calculation of the SUCI in the ME part of the UE only when the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the ME. When the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, the ME part deletes any locally stored information required for calculation of the SUCI.

Abstract: Methods and systems for data communication in a distributed computing environment include: providing a first network node associated with a first data processing location, the first network node providing provide a network interface for a first distributed computing node at the first data processing location; and forwarding task data flow messages from the first distributed computing node to a second distributed computing node at a second data processing location via a second network node associated with the second data processing location.

Abstract: A system, method, and computer readable storage medium configured for storing encrypted data in a blockchain. To write additional data in a blockchain, a request is received at a computing node. The request is typically cryptographically signed by a user system to include a new transaction with additional data in the blockchain. The additional data is previously encrypted with an encryption key. A new block that records the new transaction with additional data in the blockchain is added. To read the additional data in a blockchain, a request is received at a computing node with a transaction identifier and a decryption key from a user system to access data journaled as part of the blockchain in the transaction database. The transaction database is searched using the identifier. In response, to finding the corresponding block in the blockchain, the data is decrypted using the decryption key.

Abstract: Mechanisms for authenticating a connection between a user device and a streaming media content device comprising: identifying a collection of candidate streaming media content devices based on beacon(s) detected by a user device; receiving an indication that one of the content devices is to be selected for connection to the user device; transmitting instructions to the content devices to broadcast a signal, wherein the signal broadcast by each of the content devices contains a value that indicates an identity of the content device; receiving, from the user device, an audio signal that includes a detected signal; processing the audio signal to extract the value indicating the identity of a particular content device associated with the detected signal contained in the received audio signal; identifying the particular content device based on the determined value; and transmitting an indication that the user device and the particular content device are authenticated to communicate.

Abstract: The present invention provides a web-based electronic document service apparatus, which is capable of authenticating the edit of a document, and an operating method thereof, in which when a predetermined authentication token is randomly issued and transmitted to a client terminal accessing for editing an electronic document based on a web, and then an editing command and an authentication token corresponding to the editing command are received from the client terminal, it is determined whether the received authentication token corresponds to the previously issued authentication token, so that it is possible to confirm whether the editing command received from the client terminal is the editing command generated by the true user, thereby providing a security mechanism.

Abstract: Systems and methods of sending secured messages on decentralized networks are provided. A software application distributed and installed on a computer terminal that willing is able to participate in the system, where the computer terminal is interactively and dynamically connected to one or two decentralized peer-to-peer communication networks, using the Internet. One of the networks is used to advise about the presence of a message and the other is used to securely store the content of the messages. An alternative embodiment is to use only the decentralized storage system, if it can also acts as a Public Ledger network, with its native crypto-currency. The cryptographic keys of the first network are used to protect the content of the file and to derive where the messages will be stored on the decentralized storage network. In such networks, the transactions are handled by cryptographic mathematical algorithms, which are known to be identical across all users or participants of the same network.

Abstract: Methods and apparatus for secondary authentication in a network. A method performed by a user equipment (UE) comprises establishing a user plane (UP) session or connection with a UP function (UPF), receiving an extensible authentication protocol (EAP) based authentication request from the UPF and sending an EAP based authentication response to the UPF. A method performed by a user plane UP function (UPF) comprises establishing a UP session or connection to a user equipment (UE), sending an extensible authentication protocol (EAP) based authentication request to the UE, and receiving an EAP based authentication response from the UE.

Abstract: Methods and apparatus to provide extended object notation data are disclosed. An example apparatus includes a data handler having a first input to receive object data and a first output to output an object notation key-value pair for the object data; a string processor having a second input coupled to the first output and a second output to convey the object notation key-value pair without string literals; and a hashing and encryption handler having a third input coupled to the second output and a third output to convey the key-value pair signed with a private key, to convey the key-value pair encrypted with a public key, and to convey an indication that the encrypted key-value pair is encrypted in a key of the encrypted key-value pair.

Abstract: A server receives a login request from a first device. The login request includes login information used for an application login. In response to receiving the login request from the first device, the server transmits, to a second device different from the first device, a first message including a verification code. The first message instructs the second device to broadcast an audio signal including the verification code. The verification code is used to verify the first device by the server.

Abstract: An authentication device has internal circuitry operable to execute specific digital processing, a digital token, an image-capturing mechanism and circuitry, and an output interface. The image-capturing mechanism captures an image providing biometric identity of a user, the internal circuitry executing a first specific digital process creates a first digital string unique to the image providing biometric identity, the internal circuitry executing a second specific digital process combines the first digital string with the digital token, creating a combined digital string, and the combined digital string is provided to the output interface.

Abstract: Memory blocks are associated with each memory level of a hierarchy of memory levels. Each memory block has a matching key capability (MaKC). The MaKC of a memory block governs access to the memory block, in accordance with permissions specified by the MaKC. The MaKC of a memory block can uniquely identify the memory block across the hierarchy of memory levels, and can be globally unique across the memory blocks. An MaKC of a memory block includes a block protection key (BPK) stored with the memory block, and an execution protection key (EPK). If a provided EPK for a memory block matches the memory block's BPK upon comparison, access to the memory block is allowed according to the permissions specified by the MaKC.

Abstract: Systems and methods for adaptively streaming video content to a wireless transmit/receive unit (WTRU) or wired transmit/receive unit may comprise obtaining a media presentation description that comprises a content authenticity, requesting a key for a hash-based message authentication code; receiving the key for the hash-based message authentication code, determining a determined hash for a segment of the media presentation description, requesting a reference hash for the segment from a server, receiving the reference hash for the segment from the server, and comparing the reference hash to the determined hash to determine whether the requested hash matches the determined hash.

Abstract: A method for sharing data between blockchains in a multi-chain network including receiving a first plurality of account addresses associated with first and second blockchains and an account state for each account associated with the first plurality of account addresses, generating a first hash tree comprising a mapping between the first plurality of account addresses and the account states, defining a world state trie, generating a root hash of the world state trie, receiving a first plurality of transactions associated with the first and second blockchains, generating a second hash tree comprising the first plurality of transactions, defining a transactions trie, and generating a root hash of the transactions trie.

Abstract: In a first aspect of the disclosure, a method performed by an AAA server (103) of authenticating a non-SIM mobile terminal (111) with a wireless network (100) is provided. The method comprises receiving (S201) a request for service of the non-SIM mobile terminal (111), authenticating (S202) the non-SIM mobile terminal (111), submitting (S203) a request for subscriber profile data associated with the non-SIM mobile terminal (111) to an HSS (105), the subscriber profile data request comprising an indication that the non-SIM mobile terminal (111) has been authenticated by the AAA server (103), and to receiving (S204) from the HSS (105), in response to the indication that the non-SIM mobile terminal (111) has been authenticated, the requested subscription profile data.

Abstract: A non-transitory computer-readable medium stores computer-executable instructions including an application. The application is configured to cause a processor of an information processing device to, in response to accepting an authentication instruction, activate a local server and a browser, and instruct the browser to display an authentication screen of a cloud server and to specify the local server as a redirection destination. The local server is configured to cause the processor to, in response to receiving a request from the browser, determine whether the request is a particular request other than the redirection request, when determining that the request is not the particular request, instruct the browser to display a completion screen including a result of the authentication, and terminate the local server, and when determining that the request is the particular request, respond to the particular request, without terminating the local server.

Abstract: A voice-commanded common computing device may be selectively paired other computing devices in a shared network. The common computing device may detect co-presence of paired devices on the shared network, and may determine when audio and/or video content may be cast to devices on the shared network based on the detected co-presence. Audio content may include messages composed by a first user of a first device in the shared network, to be audibly output to a second user of a second device in the shared network. Casting of personal information may include positive authentication and verification prior to audible output of the personal information.

Abstract: One embodiment described herein provides a system and method for secure data storage. During operation, a client device selects a quantum data key from a plurality of quantum data keys shared between the client device and a storage server, encrypts to-be-stored data using the selected quantum data key, and transmits a data-storage request to the storage server. The data-storage request comprises a key-identifier of the selected quantum data key and the encrypted data.

Abstract: Various examples described herein are directed to systems and methods for securing data. A security system may receive a first record comprising a plurality of record fields, where the plurality of record fields includes a first record field and the first record field includes a first record field data. The security system may access a source setup record corresponding to the first record from a source setup table and determine that the source setup record comprises data referencing the first record field. The security system may access first token data corresponding to the first record field data and replace the first record field data at the first record field with the first token data. The security system may store the first token data at a token table and writing the first token data to the first record field to replace the first record field data.