Apparatus and method for authenticating network devices

What is claimed is: 1 . An aggregation device, comprising: a reply-reception module, stored in memory, that receives, from a satellite device, an authentication reply that: includes an original authentication message digitally signed by the aggregation device using a private key of the aggregation device; and is digitally signed by the satellite device using a private key of the satellite device; a forwarding module, stored in memory, that forwards the authentication reply to a network management server; a validation-reception module, stored in memory, that receives, from the network management server in response to forwarding the authentication reply, a validation message that: includes the original authentication message decrypted, by the network management server, using a public key of the aggregation device; includes the authentication reply decrypted, by the network management server, using a public key of the satellite device; and is digitally signed by the network management server using a private key of the network management server; an authentication module, stored in memory, that authenticates the satellite device based at least in part on receiving the validation message; and at least one physical processor configured to execute the reply-reception module, the forwarding module, the validation-reception module, and the authentication module. 2 . The aggregation device of claim 1 , further comprising a signature module, stored in memory, that digitally signs the original authentication message using the private key of the aggregation device. 3 . The aggregation device of claim 2 , wherein the reply-reception module receives the authentication reply from the satellite device at least in part by receiving the authentication reply from the satellite device in response to transmitting the digitally signed original authentication message to the satellite device. 4 . The aggregation device of claim 1 , wherein the original authentication message comprises a secure device identifier of the aggregation device. 5 . The aggregation device of claim 4 , wherein the secure device identifier corresponds to a secure device identifier that: a manufacturer of the aggregation device assigned to the aggregation device; and the manufacturer of the aggregation device signed with a private key of the manufacturer to validate the aggregation device. 6 . The aggregation device of claim 1 , wherein at least one of: the aggregation device stores the private key of the aggregation device within a trusted platform module comprising a secure cryptoprocessor that secures the aggregation device by integrating at least one cryptographic key into the aggregation device; and the satellite device stores the private key of the satellite device within a trusted platform module comprising a secure cryptoprocessor that secures the satellite device by integrating at least one cryptographic key into the satellite device. 7 . The aggregation device of claim 1 , wherein: the network management server comprises a trusted platform module that includes a secure cryptoprocessor that secures the network management server by integrating at least one cryptographic key into the network management server; and the network management server stores the public key of the aggregation device and the public key of the satellite device within the trusted platform module. 8 . The aggregation device of claim 1 , wherein the authentication module establishes a trusted network connection with the satellite device based at least in part on receiving the validation message. 9 . The aggregation device of claim 1 , wherein the authentication reply comprises a secure device identifier of the satellite device. 10 . The aggregation device of claim 9 , wherein the secure device identifier is formatted according to a version of the 802.1 AR protocol. 11 . A method comprising: receiving, from a satellite device, an authentication reply that: includes an original authentication message digitally signed by an aggregation device within a network using a private key of the aggregation device; and is digitally signed by the satellite device using a private key of the satellite device; forwarding the authentication reply to a network management server; receiving, from the network management server in response to forwarding the authentication reply, a validation message that: includes the original authentication message decrypted, by the network management server, using a public key of the aggregation device; includes the authentication reply decrypted, by the network management server, using a public key of the satellite device; and is digitally signed by the network management server using a private key of the network management server; and authenticating the satellite device based at least in part on receiving the validation message. 12 . The method of claim 11 , further comprising digitally signing the original authentication message using the private key of the aggregation device. 13 . The method of claim 12 , wherein receiving the authentication reply from the satellite device comprises receiving the authentication reply from the satellite device in response to transmitting the digitally signed original authentication message to the satellite device. 14 . The method of claim 11 , wherein the original authentication message comprises a secure device identifier of the aggregation device. 15 . The method of claim 14 wherein the secure device identifier corresponds to a secure device identifier that: a manufacturer of the aggregation device assigned to the aggregation device; and the manufacturer of the aggregation device signed with a private key of the manufacturer to validate the aggregation device. 16 . The method of claim 11 , further comprising: storing, by the aggregation device, the private key of the aggregation device within a trusted platform module comprising a secure cryptoprocessor that secures the aggregation device by integrating at least one cryptographic key into the aggregation device; and storing, by the satellite device, the private key of the satellite device within a trusted platform module comprising a secure cryptoprocessor that secures the satellite device by integrating at least one cryptographic key into the satellite device. 17 . The method of claim 11 , wherein: the network management server comprises a trusted platform module that includes a secure cryptoprocessor that secures the network management server by integrating at least one cryptographic key into the network management server; and the network management server stores the public key of the aggregation device and the public key of the satellite device within the trusted platform module. 18 . The method of claim 11 , further comprising establishing a trusted network connection with the satellite device based at least in part on receiving the validation message. 19 . The method of claim 11 , wherein the authentication reply comprises a secure device identifier of the satellite device. 20 . A non-transitory computer-readable medium comprising one or more computer-readable instructions that, when executed by at least one processor of a computing device, cause the computing device to: receive, from a satellite device, an authentication reply that: includes an original authentication message digitally signed by an aggregation device within a network using a private key of the aggregation device; and is digitally s