3.1.1.4.3.4.2 AIK Attestation (Subject Only)

The client MUST generate a symmetric key locally and MUST use it to encrypt the Client_HardwareKeyInfo ADM element in the request. The client MUST then encrypt the symmetric key by using the public key from the retrieved CA exchange certificate. The encrypted symmetric key MUST then be included in a certificate request, as specified in section 3.1.1.4.3.4.<30>