Cryptographic toolkit enables government contractors to add security that meets NSA guidelines to protect mission-critical information


MISSISSAUGA, Ontario – (November 15, 2004)– Government defence contractors got a helping hand today when Certicom Corp. (TSX: CIC), the authority for strong, efficient cryptography, announced Security Builder® NSE™. This developer toolkit enables organizations to build applications and devices that meet the field-of-use guidelines set out by the National Security Agency (NSA) to protect mission-critical national security information. According to the NSA, there are over one million high-grade devices in the U.S. Government today that will need to be replaced to include security based on Elliptic Curve Cryptography (ECC).

At an Internet Engineering Task Force (IETF) meeting on November 11, the NSA presented their requirements for strong security over the next 50 years and further information about their licensing agreement with Certicom for its ECC-based intellectual property. The NSA presentation can be found at http://www.machshav.com/~smb/saag-11-2004/.

In October 2003, the NSA selected elliptic curve cryptography (ECC) as the public-key cryptosystem to meet these new, stronger security requirements under its crypto modernization program. The agency purchased licensing rights for 26 ECC-based patents from Certicom for a particular field-of-use, defined as implementations of ECC that are over GF (p), where p is a prime greater than 2255.

“This toolkit is a logical next phase for Certicom as it helps contractors meet the NSA guidelines for protecting the most critical government information. The agency has set out the guidelines and made the crypto licenses available to contractors. We’re now providing a tool to help developers integrate optimized security features that meet those guidelines,” said Ian McKinnon, president and CEO of Certicom.

With this toolkit, organizations can be assured of proven implementations backed by Certicom, a team of cryptographic experts that has focused on optimizing public-key cryptosystems for almost two decades. The Security Builder NSE toolkit covers the technology that was part of the 26 patents licensed by the NSA plus optimized implementations that enable developers to meet the NSA field-of-use guidelines and FIPS 140-2 validation requirements.

The toolkit, which is available in C code, includes:
• Elliptic curve digital signature algorithm (ECDSA) (FIPS-validated) for digital signatures; 
• Elliptic curve Menezes-Qu-Vanstone (ECMQV) for key agreement and transport; 
• SHA-1 and SHA-2 (FIPS-validated) for hashing;
• Advanced encryption standard (AES) (FIPS-validated) for strong encryption;
• Random number generation (RNG) (also FIPS-validated); 
• Point compression for size and performance efficiencies; and
• Support for Windows and Linux platforms.

Security Builder NSE is part of the Certicom Security Architecture, which unifies all of Certicom’s existing toolkits across a single API and enables developers to quickly migrate their applications to whichever cryptographic module is required.

Pricing and Availability
Security Builder NSE will be available in the first quarter of 2005 and priced at a one-time license fee with no royalties starting at US$50,000 per project in the field-of-use plus support and maintenance. A free license for the patents in the NSA field-of-use is available from the NSA or Certicom. Visit www.certicom.com/securitybuildernse.

About Certicom
Certicom Corp. (TSX:CIC) is the authority for strong, efficient cryptography required by software vendors and device manufacturers to embed security in their products. Adopted by the US Government’s National Security Agency (NSA), Certicom technologies for Elliptic Curve Cryptography (ECC) provide the most security per bit of any known public key scheme, making it ideal for constrained environments. Certicom products and services are currently licensed to more than 300 customers including Motorola, Oracle, Research In Motion, Terayon, Texas Instruments and Unisys. Founded in 1985, Certicom is headquartered in Mississauga, ON, Canada, with offices in Ottawa, ON; Reston, VA; San Mateo, CA; and London, England. Visit www.certicom.com.

Certicom, Security Builder, Security Builder Crypto, Security Builder GSE, Security Builder IPSec, Security Builder Middleware,Security Builder PKI, Security Builder SSL, movianVPN, movianCrypt and movianMail are trademarks or registered trademarks of Certicom Corp. All other companies and products listed herein are trademarks or registered trademarks of their respective holders.

Forward-Looking Statements
Except for historical information contained herein, this news release contains forward-looking statements that involve risks and uncertainties. Actual results may differ materially. Factors that might cause a difference include, but are not limited to, those relating to the acceptance of mobile and wireless devices and the continued growth of e-commerce and m-commerce, the increase of the demand for mutual authentication in m-commerce transactions, the acceptance of Elliptic Curve Cryptography (ECC) technology as an industry standard, the market acceptance of our principal products and sales of our customer's products, the impact of competitive products and technologies, the possibility of our products infringing patents and other intellectual property of fourth parties, and costs of product development. Certicom will not update these forward-looking statements to reflect events or circumstances after the date hereof. More detailed information about potential factors that could affect Certicom's financial results is included in the documents Certicom files from time to time with the Canadian securities regulatory authorities.

The shares of the company described above have been offered only to qualified institutional buyers in reliance on Rule 144A under the Securities Act of 1933, as amended (the "Securities Act"), and outside the United States pursuant to Regulation S of the Securities Act. The shares have not been registered under the Securities Act and may not be offered or sold in the United States or to a U.S. Person absent registration or an applicable exemption from registration requirements.

This press release does not constitute an offer to sell or the solicitation of an offer to buy any security and shall not constitute an offer, solicitation or sale in any jurisdiction in which such offering would be unlawful.

For further information, please contact:

For Certicom    
Tim Cox Brendan Ziolo  
ZingPR Certicom Corp.  
(650) 369-7784 (613) 254-9267  
tim@zingpr.com bziolo@certicom.com