Abstract: Systems and methods authenticate a device to operate within an enterprise system with an enterprise policy. An agent, installed on the device, analyzes the device to determine profile information of the device. The determined profile information is sent to a type 2 super peer that verifies whether the profile information conforms to the enterprise policy. If the profile information conforms to the enterprise policy, an agent trust credential is generated, within the type 2 super peer, for the agent, based upon the profile information, and issued to the agent. Authenticity of the device is verified based upon the agent trust credential. If the device is authenticated, communications with the device are permitted. If the device is not authenticated, communications with the device is prevented. In another embodiment, a method restores a device to conform to a system policy. A snapshot of critical components of the device is taken while the device is in compliance with the system policy.

Abstract: Zero-knowledge authentication proves identity without revealing information about a secret that is used to prove that identity. An authentication agent performs authentication of a prover agent without knowledge or transfer of the secret. A non-centralized zero-knowledge authentication system contains multiple authentication agents, for access by multiple computers seeking access on a computer network through local prover agents. Once authenticated, those multiple computers may also implement authentication agents. The secret may periodically expire by publishing a new encrypted secret by a trusted source, thwarting attempts to factor or guess information about the secret.