Two models of an electronic hotel key card system are contrasted: a state based and a trace based one. Both are defined, verified, and proved equivalent in the theorem prover Isabelle/HOL. It is shown that if a guest follows a certain safety policy regarding her key cards, she can be sure that nobody but her can enter her room.
- Nipkow, T. (2006). Verifying a Hotel Key Card System. Theoretical Aspects of Computing - ICTAC 2006, 1–14. https://doi.org/10.1007/11921240_1
- author's copy