Communication is facilitated between a plurality of servers (101,102,103) and a plurality of local devices (204,206,207,208,210). An apparatus comprises a first
network interface for communicating with the servers, a second
network interface for communicating with the local devices, and a
microcontroller having a processor, memory, a cryptographic engine for carrying out cryptographic calculations, and a tamper-resistance element configured to
resist tampering with the apparatus. A plurality of programs, each comprising instructions and data, are stored in the memory. The processor is configured to, for a first local device, identify a first program which is associated with the first local device, and using the first program, provide a secure communications channel between the first local device and a first
server. The processor is unable to accept commands from any other of the programs to access or change the first program, and the processor is unable to
route messages over the secure communications channel that are not from or to the first local device and the first
server.