An access control system is configured for data communication with at least a first remote service provider (eg power company, hospital with remote patient monitoring, security services company) via a wide area telecommunications network and for data communication with at least a first local device associated with the service provider (eg electricity meter, health monitoring device, home security system) via local data communication. The access control system is configurable to facilitate data communication between the first remote service provider and the first local device. The access control system comprises a gateway device and virtual machines VM1-VMN associated with at least one local device and at least one service provider. When a service provider requests connection with a local device, it supplies an identifier. The gateway rejects the connection request. However, the VM associated with the local device compares the identifier with a list of authorized identifiers and associated predefined addresses; and if it finds a match, it sets up a connection to the predefined address, thereby effectively calling back the service provider such that it may communicate with the local device.
