Browser-based code-signing application secures remote provisioning in wireless and cable environments

MISSISSAUGA, Ontario – (July 21, 2004) – Certicom Corp. (TSX: CIC), the authority for strong, efficient cryptography, today announced the release of Certicom CodeSign, a standards-based code signing application for firmware. Accessed through a web browser, CodeSign enables organizations like device manufacturers, wireless service providers and cables operators to remotely distribute over-the-air or wired network firmware updates and applications without fear of the introduction of any rogue code or viruses, thereby protecting content and revenue. In minutes, developers can quickly and easily install CodeSign to remotely provision devices, eliminating the need to upgrade software manually or replace devices.

Downloading malicious code in the process of updating code is a serious threat to organizations if users cannot verify the source or integrity of it. CodeSign overcomes these challenges by providing a mechanism to digitally sign firmware and then wrap both the code and the digital signature in a cryptographic envelope. CodeSign provides assurance that code has not been altered, infected or corrupted, and that it comes from a trusted source.

For some time, code signing has been used in the software arena, however CodeSign is a tool designed specifically for firmware. In developing CodeSign, Certicom relied on its extensive experience in embedding security on small devices and working with the industry's leading manufacturers. The result is a commercially supported application that supports a wide range of platforms and standards, such as 802.16/WiMAX, PCS/SCADA and CableLabs DOCSIS, and eliminates the need for extensive integration work. Its Java-based architecture provides the flexibility to accommodate changes, even modifications of industry standards.

"The Cabir worm demonstrated that mobile phones are the next big target for hackers. The Certicom CodeSign application will help device manufacturers and wireless service providers safeguard their firmware, alleviate the risk of service interruption, and provide a secure environment for updating firmware over-the-air with mProve," said Carla Fitzgerald, vice-president, marketing at Bitfone, the leading provider of software update solutions for mobile phones. "CodeSign is an essential component for achieving productive, efficient trust models for mobile device management."

Although CodeSign is primarily designed for use in mobile devices and cable systems, its use extends to any application where there is a need to remotely update firmware and applications, such as in the gaming industry. For example, CodeSign could be used to enforce internal security to prevent any modifications after code has been audited and signed off.

"Certicom has years of experience developing standards-based cryptography toolkits optimized for constrained environments. With CodeSign, we've channeled this expertise into an application that allows developers to quickly add digital signatures," said Roy Pereira, vice-president, marketing and product management at Certicom. "CodeSign is a sophisticated but easy-to-use tool that is an important component in trusted computing platforms. It helps systems operators, device manufacturers and other organizations protect content and save time and money."

CodeSign offers security and interoperability through a standards-based design. 
Standardized PKCS #10 requests for Code Verification Certifications submission to third party Certificate Authorities such as VeriSign, Thawte, GeoTrust or enterprise Certificate Authorities.
PKCS #1, 5, 7, 8, 10, 12, X.509 v3 certifications

To complete the security solution, device manufacturers and network operators need to embed PKI functionality to verify the signatures. Certicom's Security Builder PKI toolkit, in combination with Certicom CodeSign, provides that end-to-end solution.

Certicom CodeSign is available immediately and is priced with a license fee. For more information, visit http://www.certicom.com/codesign.

About Certicom
Certicom Corp. (TSX:CIC) is the authority for strong, efficient cryptography required by software vendors and device manufacturers to embed security in their products. Adopted by the US Government’s National Security Agency (NSA), Certicom technologies for Elliptic Curve Cryptography (ECC) provide the most security per bit of any known public key scheme, making it ideal for constrained environments. Certicom products and services are currently licensed to more than 300 customers including Motorola, Oracle, Research In Motion, Terayon, Texas Instruments and XM Radio. Founded in 1985, Certicom is headquartered in Mississauga, ON, Canada, with offices in Ottawa, ON; Reston, VA; San Mateo, CA; and London, England. Visit www.certicom.com.

# # #

Certicom, Security Builder, Security Builder Crypto, Security Builder SSL, Security Builder PKI, Security Builder GSE, movianVPN, movianCrypt and movianMail are trademarks or registered trademarks of Certicom Corp. MOTOROLA and the Stylized M Logo are registered trademarks in the US Patent & Trademark Office. Java and all other Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. The Bluetooth trademarks are owned by their proprietor and used by Motorola, Inc. under license. All other companies and products listed herein are trademarks or registered trademarks of their respective holders.

Forward-Looking Statements
Except for historical information contained herein, this news release contains forward-looking statements that involve risks and uncertainties. Actual results may differ materially. Factors that might cause a difference include, but are not limited to, those relating to the acceptance of mobile and wireless devices and the continued growth of e-commerce and m-commerce, the increase of the demand for mutual authentication in m-commerce transactions, the acceptance of Elliptic Curve Cryptography (ECC) technology as an industry standard, the market acceptance of our principal products and sales of our customer's products, the impact of competitive products and technologies, the possibility of our products infringing patents and other intellectual property of fourth parties, and costs of product development. Certicom will not update these forward-looking statements to reflect events or circumstances after the date hereof. More detailed information about potential factors that could affect Certicom's financial results is included in the documents Certicom files from time to time with the Canadian securities regulatory authorities.

The shares of the company described above have been offered only to qualified institutional buyers in reliance on Rule 144A under the Securities Act of 1933, as amended (the "Securities Act"), and outside the United States pursuant to Regulation S of the Securities Act. The shares have not been registered under the Securities Act and may not be offered or sold in the United States or to a U.S. Person absent registration or an applicable exemption from registration requirements.

This press release does not constitute an offer to sell or the solicitation of an offer to buy any security and shall not constitute an offer, solicitation or sale in any jurisdiction in which such offering would be unlawful.

For further information, please contact:

For Certicom    
Tim Cox Brendan Ziolo  
ZingPR Certicom Corp.  
(650) 369-7784 (613) 254-9267  
tim@zingpr.com bziolo@certicom.com