The Trusted Computing Module (TPM)
To preserve user privacy, the approval key is not used to sign a machine's configuration for attestation. Instead, the approval key is used to generate unique keys called Attestation Identity Keys (AIKs), which are used to communicate with third parties. AIKs exist to protect user privacy when the platform communicates with different parties. The approval key could be used for this purpose, but because it is unique, it would allow the platform's identity to be linked across every party it communicated with. AIKs provide a unique anonymous identity that the TPM can use with each different party. In essence, the AIK acts as an alias for approval
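The linkability argument above can be made concrete with a small simulation. This is an added example, not code from the original page or from any TPM vendor: `ToyTPM`, the toy Schnorr-style signature, the verifier names and the logged fingerprint are all hypothetical stand-ins, and no real TPM API is used.

```python
import hashlib, secrets
from collections import defaultdict

# Toy Schnorr-style signature over Z_p* (constructed parameters, NOT secure).
P, G = 2**127 - 1, 3

def _h(r, msg):
    return int.from_bytes(hashlib.sha256(str(r).encode() + b"|" + msg).digest(), "big")

def keygen():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)  # (private, public)

def sign(x, msg):
    k = secrets.randbelow(P - 2) + 1
    r = pow(G, k, P)
    return r, (k + _h(r, msg) * x) % (P - 1)

def verify(pub, msg, sig):
    r, s = sig
    return pow(G, s, P) == r * pow(pub, _h(r, msg), P) % P

class ToyTPM:
    """Hypothetical model: one long-lived approval key, one AIK per verifier."""
    def __init__(self):
        self.approval = keygen()
        self.aiks = {}
    def quote(self, verifier, nonce, config, use_aik=True):
        if use_aik and verifier not in self.aiks:
            self.aiks[verifier] = keygen()
        priv, pub = self.aiks[verifier] if use_aik else self.approval
        return pub, sign(priv, config + nonce)

def attest_all(tpm, verifiers, use_aik):
    """Each verifier checks the quote and logs the key fingerprint it saw."""
    config, logs = hashlib.sha256(b"constructed-config").digest(), {}
    for v in verifiers:
        nonce = secrets.token_bytes(16)  # fresh challenge per attestation
        pub, sig = tpm.quote(v, nonce, config, use_aik)
        if not verify(pub, config + nonce, sig):
            raise ValueError("bad quote")
        # Verification needs the public key, so the verifier always learns it.
        logs[v] = hashlib.sha256(str(pub).encode()).hexdigest()[:16]
    return logs

def linked_verifiers(logs):
    """Verifier groups that share a key fingerprint when logs are pooled."""
    groups = defaultdict(list)
    for v, fp in logs.items():
        groups[fp].append(v)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)
```

With `use_aik=False` every verifier logs the same fingerprint, so pooled logs tie all sessions to one platform; with per-verifier AIKs the pooled logs share no key to join on.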