Reputation: 592
Assuming I wanted to switch between two INSTALL states: 1. you can install applets and 2. you cannot install applets. And I wanted to guarantee that a device cannot be bricked in the latter state, is this possible?
As I understand it, changing the device's key from the default key means only the person in possession of that key can make changes. This satisfies the first question. I can just change the key. But for the second question, how do I know the device won't be bricked by repeatedly bashing it with the wrong key later?
I'm making this assumption - that it would be bricked - because GP Pro warned when trying to list the contents of a card with a non-default key that any further effort could disable it.
Upvotes: 4
Views: 177
Reputation: 4142
Velocity allowed number of failed authentications or velocity checks for authentication attempts is usually a proprietary (pre-)personalization step, so consult your card documentation.
Upvotes: 2
Reputation: 446
GlobalPlatform Card Specification, Version 2.3, Public Release, October 2015:
9.6.7.1 Content Loading and Installation
The OPEN may keep track of the number of unsuccessful consecutive attempts of the Card Content load and installation process by a particular Application and the total number of such attempts by all Applications. Actions may include such defensive measures as the locking or termination of the card.
Global Platform does not specify security countermeasures, but be assured that bad things happen each time you try a wrong Global Platform Secure Channel session key, e.g. if EXTERNAL AUTHENTICATE has a wrong Host cryptogram.
Upvotes: 2