Trustpoint Offers Cutting-Edge Wireless PKI Solution that Interoperates with Legacy Systems

HAYWARD, Calif., January 16, 2001 - Certicom (Nasdaq: CERT; TSE: CIC), a leading provider of mobile e-business security, today announced the availability of Trustpoint(tm), a comprehensive suite of flexible public key infrastructure (PKI) products. Trustpoint allows today's enterprises to build wireless certificate capabilities to enable secure communication and digital signatures via personal digital assistants (PDAs), mobile phones and pagers. Trustpoint is a flexible PKI solution that allows an enterprise or OEM to implement secure leading-edge mobile commerce applications that interoperate with existing legacy PKI infrastructures. Certicom has brought Trustpoint to the e-business community to complement its current MobileTrust(tm) Certificate Authority (CA) service offering, resulting in an all-encompassing suite of PKI products to suit diverse business needs.

"There are separate requirements for wired and wireless PKI systems. With Trustpoint, Certicom offers a solution that is capable of managing the security needs of the desktop as well as handheld devices, such as Palm handhelds, RIM pagers and WAP-enabled phones, from a centralized point of control," said Rick Dalmazzi, President and CEO of Certicom. "Once again, Certicom is strengthening its position as the one stop security shop for the enterprise by offering a breakthrough wireless PKI solution that enables the new age of mobile commerce." 

The widespread adoption of wireless e-commerce services and the proliferation of Internet fraud are driving the need for advanced security. Analysts predict the number of m-commerce subscribers to skyrocket from fewer than a thousand in 1999 to more than 29 million in 2004, with the value of their transactions reaching close to $21 billion during the same period. In a move that helps catapult m-commerce into the marketplace, Congress recently approved a measure that made digital signatures legally binding. Digital signature verification (customer authentication) is the Internet equivalent of traditional hand-written signatures. PKI is the preferred method of security for wireless devices because it requires users to authenticate their device before any vital information can be transmitted. PKI enables legally binding transactions to be performed in mobile and online environments. 

"Internet fraud is quickly reaching epidemic proportions and threatens to slow the growth of wireless Internet applications," said Bob Lonadier, Director of Security Strategies with the Hurwitz Group. "PKI solutions like Trustpoint are an effective weapon in protecting against identity theft and reducing the risks of repudiation." Unlike current PKI products, Trustpoint provides an open, standards-based security architecture that seamlessly integrates into any existing wired or wireless security infrastructure. Trustpoint solves the problem of managing wired and wireless certificates within the enterprise and allows for next generation security technologies to easily be incorporated into legacy systems. Trustpoint is a flexible policy-based solution that accommodates real world business processes.

"The Trustpoint PKI portal is the first of its kind for wireless financial services and enables 724 Solutions' Financial Services Platform to interoperate with a wide range of existing PKI technologies and certificate authorities," said Ian Hobbs, Vice President, Product Line Management - Access, 724 Solutions. "Trustpoint allows us to build upon our security - quickly connecting with PKI technologies of the present and future - and remain the leader in offering secure wireless financial services solutions."

Fast Authentication
Trustpoint includes Certicom's industry leading implementations of Elliptic Curve Cryptography (ECC) as well as RSA, providing fast authentication of certificates and removing the performance drag that key generation and other authentication methods impose on both mobile devices and high volume servers. ECC is the smallest, fastest and most efficient cryptographic algorithm available today and, as a result, is the practical choice to secure wireless applications on platforms with limited memory, battery capacity and bandwidth. Based on open standards, Trustpoint also insures interoperability with both legacy and next-generation PKI infrastructures, and seamlessly manages both the wired and wireless components of the PKI system. This unprecedented flexibility allows an organization to implement any PKI management, administration or operations scheme. The end result for any organization using Trustpoint is a lower cost of authenticating and securing electronic signatures.

"As a world leader in software solutions for mobile business, Brokat provides secure, scalable and highly personalized access to information and transactions anytime, anywhere," said Eric Kintzer, Chief M (3) Officer at Brokat. "We believe that Certicom's Trustpoint PKI portal product supports Brokat's strategy to provide our customers with a trusted, secure environment for deploying cutting-edge wireless applications to millions of users." 

"Certicom is a leader in providing mobile e-business security solutions, and partnering with them makes w-Technologies the most viable option for businesses who deem security as the top priority," said Sergey Fradkov, CTO of w-Technologies. "Integrating Certicom's Trustpoint PKI product line with w-Technologies' mobile finance, enterprise, commerce, communications and content applications reinforces our mission to provide secure and comprehensive mobile business solutions to clients worldwide."

The Trustpoint Product Suite
The Trustpoint PKI Product Suite provides the first enterprise PKI solution that bridges the gap between wired and wireless environments. Trustpoint enables businesses that already have legacy PKI systems, or need to have one on-site, to seamlessly manage both wired and wireless digital certificates within one framework. Trustpoint's policy-editing features and ability to work with a variety of databases and directories provides the flexibility necessary for organizations to tailor certificate management and publication to specific business needs. Trustpoint, in conjunction with Certicom's recently launched MobileTrust CA service, places Certicom in the unique position of becoming the one stop shop for all PKI-based security needs.

Trustpoint CA - The Trustpoint Certificate Authority (CA) server provides a standards-based certificate issuance and management system for creating, issuing, publishing and revoking both wired and wireless public key certificates. Using standard IETF certificate management protocol (CMP) messages, the Trustpoint CA manages both WAP and x509 
certificates and supports the Chrysalis Luna(tm) 2 and CA3 tokens.

Trustpoint PKI Portal (RA) - The Trustpoint PKI Portal acts as a central repository that coordinates the collection, evaluation and integration of data from the various sources such as employees, customers, suppliers and business partners that are part of the certificate subject registration process. A complete, scalable and highly configurable solution for implementing a PKI registration authority (RA) infrastructure, Trustpoint allows both wired and wireless protocols to work together. It implements both WAP PKI and CMP standards, which enables it to give wireless devices access to existing wired PKI's. Via an easy-to-manage GUI, the Portal interfaces with sources requesting certificates and then processes request approval. The PKI Portal then calls upon the designated CA for final processing, certificate signing, and publishing. The Trustpoint Portal comes bundled with PKI Administrator software, used by security administrators to configure operational policies for the PKI system.

Trustpoint PKI Client - The Trustpoint PKI Client, installed on the mobile device, is used to communicate with existing registration and certificate authority components. Ideally suited for low-powered devices with limited processor power and memory, the client supports mutual authentication through the use of digital certificates and confidentiality by way of Certicom's industry leading ECC encryption. It also supports non-repudiation and transaction integrity through digital signatures. 

"We are focused on delivering wireless enterprise applications through our end-to-end solution, and recognize that customers deploying applications with sensitive information require the highest level of security," said John Troyer, Chief Strategy Officer of Neomar. "By supporting the Trustpoint client in our market-leading products we are able to protect our customer's high value transactions with full PKI capability."

Pricing and Availability
The Trustpoint PKI Product Suite is now available for purchase. For information on pricing, please contact Certicom at 510.780.5400 or visit their Website at http://www.certicom.com/.

About Certicom
Certicom is a leading provider of information security software and services, specializing in solutions for mobile e-business. The company's products and services are specifically designed to address the challenges imposed by a wireless data environment. Certicom's solutions incorporate its proprietary encryption technology and are based on industry standards for information security that utilize public key cryptography. Certicom's products are currently licensed to more than 125 customers including ePocrates, Inc., Motorola, Inc., NeoPoint, Inc., Nortel Networks, Openwave Systems, Inc., Palm, Inc., Pixo, Inc., QUALCOMM, Inc., Research In Motion Ltd. and Sony International (Europe) GmbH. Certicom's headquarters and worldwide sales and marketing operations are based in the Silicon Valley in Hayward. For more information, visit Certicom's Web site at 
http://www.certicom.com/.

Certicom, MobileTrust and Trustpoint are trademarks and/or registered trademarks of Certicom Corp. All other companies and products listed herein are trademarks or registered trademarks of their respective holders.

Except for historical information contained herein, this press release contains forward-looking statements that involve risks and uncertainties. Actual results may differ materially. Factors that might cause a difference include, but are not limited to, those relating to the acceptance of mobile and wireless devices and the continued growth of e-commerce and m-commerce (mobile e-commerce), the increase of the demand for mutual authentication in m-commerce transactions, the acceptance of Elliptic Curve Cryptography (ECC) technology as an industry standard, the market acceptance of our principle products and sales of our customer's products, the impact of competitive products and technologies, the possibility of our products infringing patents and other intellectual property of third parties, and costs of product development. Certicom will not update these forward-looking statements to reflect events or circumstances after the date hereof. More detailed information about potential factors that could affect Certicom's financial results is included in the documents Certicom files from time to time with the Securities and Exchange Commission and Canadian securities regulatory authorities including Certicom's current Annual Report on Form 10-K.

For further information, please contact: