Cloud device identification and authentication

What is claimed is: 1. A non-transitory computer-readable storage medium storing instructions that when executed by a computer processor of a handheld device cause the handheld device to: capture an image of an optical code affixed to a network device, wherein the optical code encodes a unique identifier for the network device and a secret string for locally connecting to the network device; display a list of selectable device sites to a user based on a geographical location of the network device; obtain a user-specified device site that is a logical networking environment within which the network device is to operate; determine whether the unique identifier corresponds to a known device based on a list of known devices; and responsive to the optical code's unique identifier corresponding to the known device, provision the network device to operate in the user-specified device site, wherein provisioning the network device comprises: communicating the secret string to the network device to establish a trusted session with the network device and establish an authentication key shared between the network device and the handheld device; and communicating the authentication key to a remote server to allow the remote server to authenticate the network device. 2. The storage medium of claim 1 , wherein the unique identifier includes the network device's media access control (MAC) address. 3. The storage medium of claim 2 , wherein the optical code encodes the network device's MAC address in encrypted form. 4. The storage medium of claim 1 , wherein the instructions, when executed by the computer processor of the handheld device, wherein communicating the secret string to the handheld device to prove physical possession of the network device. 5. The storage medium of claim 1 , wherein when the instructions, when executed by the computer processor of a handheld device to cause the handheld device to determine whether the unique identifier corresponds to a known device, further cause the handheld device to decode the unique identifier from the optical code and to determine whether the unique identifier is a known identifier. 6. The storage medium of claim 1 , wherein the network device includes a wireless access point for configuring the network device. 7. The storage medium of claim 6 , wherein when the instructions, when executed by the computer processor of a handheld device to cause the handheld device to provision the network device, further cause the handheld device to decode the secret string from the optical code, wherein the secret string is communicated to the network device as an authentication password for accessing the network device's access point. 8. The storage medium of claim 6 , wherein the wireless access point is configured to have a default service set identifier (SSID) that corresponds to an unprovisioned device. 9. The storage medium of claim 8 , wherein the instructions, when executed by the computer processor of a handheld device, further cause the handheld device to search for the unprovisioned device by accessing the default SSID. 10. The storage medium of claim 1 , wherein the instructions further cause the handheld device to refrain from provisioning the network device to operate in the user-specified device site when it is determined that the unique identifier does not correspond to a known device. 11. The storage medium of claim 1 , wherein the instructions further cause the handheld device to present a plurality of device sites for a user to choose from. 12. The storage medium of claim 1 , wherein the storage medium storing instructions are further configured to cause the handheld device to search for unprovisioned devices by accessing a default service set identifier (SSID). 13. A non-transitory computer-readable storage medium storing instructions that when executed by a computer processor of a handheld device cause the handheld device to: capture an image of an optical code affixed to a network device, wherein the optical code encodes a unique identifier for the network device and a secret string for locally connecting to the network device; display a list of selectable device sites to a user based on a geographical location of the network device; obtain a user-specified device site that is a logical networking environment within which the network device is to operate; determine whether the unique identifier corresponds to a known device based on a list of known devices; and responsive to the optical code's unique identifier corresponding to the known device, provision the network device to operate in the user-specified device site, wherein provisioning the network device comprises: communicating the secret string to the network device to establish a trusted session with the network device and establish an authentication key shared between the network device and the handheld device; and after the network device communicates the authentication key to a remote server to authenticate the network device, receiving confirmation of authentication of the network device from the remote server.