# Account and Keys
A private key uniquely determines a single AI Network address, also known as an account.
The usage of accounts in AI Network is more than securing funds. AI Network uses the account for allowing only certain addresses which satisfies the rule in the database path can change the value. In general, AI Network transaction is a request to access a particular database path with a particular account, and it requires a valid digital signature to be included in the blockchain. Anyone can verify that a transaction is valid, by checking that the digital signature matches the transaction details and the account to which access is being requested.
When a transaction is sent to the blockchain in order to change the value at a specific path in the blockchain state, it needs to be sent with a digital signature created with the private key corresponding to an account who has the permission to write the value to the path. More specifically, permission of the database path is controlled by owner and rule which can be also modified by signed transactions. While owner permission at a path is granted by specifying certain actionable types (i.e. branch\_owner*,* write\_function, write\_owner, write\_rule) to accounts, rules are more flexible and can be used with conditional statements. The details are covered in the rules section.
The following diagrams show how an application can utilize owner and rule for managing permission of an app. At first, the application owner can start from branching its own application path, and define rules for an application at subtrees. Some of the rules at subtree may state that the data can be only written by the users themselves, and even application owner cannot modify the user data.
Fig 1. (1) 0xAAAAAAAA does not have write\_owner permission at "/apps". (2) 0xAAAAAAAA has a branch permission at "/apps", so it can start a new branch "/apps/afan". (3) 0xAAAAAAAA has a write\_rule permission at "/apps/afan", so it can write rule at "/apps/afan/user0". (4) 0xBBBBBBBB does not have a write\_rule permission, so it cannot write a rule at "/apps/afan/user0".
Fig 2. (1) 0xAAAAAAAA has permission to write the value at "/apps/afan". (2) 0xAAAAAAAA does not have permission to write the value at "/apps/afan/user0". (3) 0xBBBBBBBB has permission to write the value at "/apps/afan/user0". (4) While 0xCCCCCCCC has permission to write the value at "/apps/afan/user1", 0xBBBBBBBB does not have permission.
CAUTION: The private key must remain secret at all times. It must be backed up and protected from accidental loss. If it’s lost, it cannot be recovered and the funds and data secured by it are lost forever too.\
\
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.ainetwork.ai/ain-blockchain/ai-network-design/account-and-keys.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.