Certified Products Give Government Agencies the Ability to Easily Add Security to Wireless Applications, Devices and Networks

Mississauga, Ontario (October 9, 2002) – Certicom Corporation (TSX: CIC), a leading provider of wireless security solutions, today announced a new suite of software applications and toolkits that meet strict government security standards. Using Certicom Government Security Edition (GSE) products, government agencies can protect sensitive information from hackers by securing wireless applications and network access, as well as confidential data contained on mobile devices.

Certicom’s new product offering consists of three main products: Security Builder® GSE, movianVPN™ GSE and movianCrypt™ GSE. The movian products give government agencies the ability to extend existing security polices to wireless devices, giving mobile workers access to vital information. Security Builder GSE, when coupled with Certicom’s Professional Services Group, can be used to easily develop, customize and integrate security capabilities into any government application.

“For most government agencies, the lack of appropriate security is the main reason to prohibit the use of mobile devices despite the obvious advantages. Today, the technology and standards are in place to provide secure wireless communications,” says Ian McKinnon, President and CEO of Certicom. “Our GSE products give agencies a real edge in deploying next generation wireless security solutions that support the toughest government standards.”

According to an approved lab, Certicom GSE products meet the FIPS 140-2 standard and are awaiting final certification by the National Institute of Standards and Technology (NIST). FIPS certification is a prerequisite for many government agencies to purchase security products while the community at large values products that have completed the evaluation of an independent third party. FIPS certification is achieved by adhering to a set of standards and guidelines developed by the NIST in the U.S. FIPS certification has also been adopted by the Canadian Security Establishment (CSE) in Canada, to ensure the quality of security products.

“Achieving FIPS validation is a critical benchmark for any product being sold into the government,” says Miles E. Smid, Director of Security Technology at CygnaCom Solutions.

The Certicom GSE offering is based on Elliptic Curve Cryptography (ECC), a public-key cryptography technique approved by the U.S. government and many standards organizations including ANSI, IETF, IEEE and NIST. Certicom’s ECC implementation is ideal for supporting the Advanced Encryption Standard (AES), since the key sizes scale perfectly, and results in stronger security with improved performance over legacy systems. This is extremely important for securing wireless devices that are limited by low processing speed, network bandwidth, and battery power.

“Government agencies have been demanding more robust and flexible wireless security offerings,“ says Tim Needles, President of Onix Networking Corp., a government reseller and GSA schedule holder for Certicom products. “Certicom is the leader in this market and with its new GSE offering will extend the capabilities of the mobile government worker.”


Certicom GSE products have the following features:

• Security Builder GSE is a cryptography toolkit based upon FIPS-certified algorithms including AES. This cryptographic module forms the foundation for Certicom’s movian products while enabling SIs or OEMs to build other FIPS certified products. Security Builder GSE is at the final stages of FIPS-140-2 certification and has successfully completed certification for its DES, 3DES, AES and SHA-1 algorithms.
• movianVPN GSE allows users to capitalize on the convenience of wireless connectivity without compromising security. This IPsec-based VPN client provides a cost-effective solution for extending network access using existing VPN infrastructures. movianVPN is built on Security Builder GSE for high performance and to ensure interoperability with popular VPN gateways.
• movianCrypt GSE integrates a password-based user login system with strong encryption technology to achieve data security on your Palm OS or Pocket PC device. Built on Security Builder GSE, movianCrypt uses AES, one of the strongest algorithms, to encrypt data as it is stored, and decrypt data as it is accessed.
  

Certicom GSE products are available through the GSA schedule and will be shipping in November. A version of Security Builder GSE with the FIPS-approved algorithms is available immediately. For more information, visit www.certicom.com/gov.

About Certicom
Certicom is a leading provider of wireless security solutions, enabling developers, governments and enterprises to add strong security to their devices, networks and applications. Designed for constrained devices, Certicom’s patented technologies are unsurpassed in delivering the strongest cryptography with the smallest impact on performance and usability. Certicom products are currently licensed to more than 300 customers including Texas Instruments, Palm, Research In Motion, Cisco Systems, Oracle and Motorola. Founded in 1985, Certicom is headquartered in Mississauga, ON, Canada, with offices in Ottawa, ON; Herndon, VA; San Mateo, CA; and London, England. Visit www.certicom.com.

Certicom, Security Builder, SSL Plus, Trustpoint, movian and movianVPN are trademarks or registered trademarks of Certicom Corp. All other companies and products listed herein are trademarks or registered trademarks of their respective holders.

For further information, please contact: