Certicom Security Architecture for Government provides integrated suite of security toolkits that ensure critical FIPS 140-2 and ECC compliance

MISSISSAUGA, Ontario – (December 6, 2004)– Certicom Corp. (TSX: CIC), the authority for strong, efficient cryptography, has extended its Certicom Security Architecture™, enabling developers to embed a FIPS 140-2-validated cryptographic module into their products and be eligible for sale into the federal government market. The Certicom Security Architecture also provides developers with an efficient way to enhance new and existing applications with elliptic curve cryptography (ECC) and meet the field-of-use guidelines set out by the National Security Agency (NSA) to protect mission-critical national security information.

The adoption of ECC within the U.S. federal government is proceeding rapidly, and Certicom is taking a leadership role in enabling agencies and government contractors to integrate the strongest security technology into their products. The comprehensive Certicom Security Architecture provides a bridge between legacy crypto systems and ECC, and gives developers the flexibility to standardize code among different security environments and platforms - maximizing code re-use and portability. This flexibility also means developers will not need to redesign their solutions to meet future government crypto requirements.

"Hardware and software developers are increasingly realizing that compliance with regulatory requirements for security is a pressing concern," said Dr. Jerry Krasner, vice president and chief analyst at Embedded Market Forecasters (www.embeddedforecast.com), the premier market intelligence and advisory firm in the embedded technology industry. "A cost-effective approach is to use a tool that ensures compliance with FIPS 140-2 requirements and eliminates the potentially costly step of third-party FIPS validation of a device or application."

Strong security is a key requirement across all networked applications and devices. The Certicom Security Architecture allows developers who may have little security expertise to add FIPS 140-2 validated security to their solutions while avoiding the time and expense of the FIPS 140-2 validation process. A common application programming interface (API) unifies Certicom's proven developer toolkits to create a plug-and-play security architecture that includes higher level protocol functionality that can operate in FIPS mode, such as SSL and PKI.

"Certicom Security Architecture for Government makes it easy for OEMs, ISVs and integrators to sell products into the government sector that meet strict government security requirements, including FIPS 140-2 and ECC," said Roy Pereira, vice-president, marketing and product management at Certicom. "The National Security Agency is committed to making elliptic curve cryptography the most widely used public-key cryptosystem for securing U.S. government information. Certicom is committed to providing the technology and tools to make that possible."

The Security Builder developer toolkits integrated into the Certicom Security Architecture for Government include: 
• Security Builder® GSE™, a FIPS 140-2-validated cryptographic toolkit; 
• Security Builder® NSE™, a cryptographic toolkit for national security information;
• Security Builder® Crypto™, a cross-platform cryptographic toolkit;
• Security Builder® PKI™, a digital certificate management toolkit; 
• Security Builder® SSL™, a complete Secure Sockets Layer toolkit; and
• Security Builder® IPSec™, a client-side virtual private network toolkit.

Certicom Security Architecture for Government is available immediately, except for Security Builder NSE which is available in Q1 2005. For more information, visit http://www.certicom.com/gov.

About Certicom
Certicom Corp. (TSX:CIC) is the authority for strong, efficient cryptography required by software vendors and device manufacturers to embed security in their products. Adopted by the U.S. government’s National Security Agency (NSA), Certicom technologies for Elliptic Curve Cryptography (ECC) provide the most security per bit of any known public key scheme, making it ideal for constrained environments. Certicom products and services are currently licensed to more than 300 customers including Motorola, Oracle, Research In Motion, Terayon, Texas Instruments and Unisys. Founded in 1985, Certicom is headquartered in Mississauga, ON, Canada, with offices in Ottawa, ON; Reston, VA; San Mateo, CA; and London, England. Visit www.certicom.com.

For further information, please contact:

For Certicom    
Tim Cox Brendan Ziolo  
ZingPR Certicom Corp.  
(650) 369-7784 (613) 254-9267  
tim@zingpr.com bziolo@certicom.com
Certicom, Security Builder, Security Builder Crypto, Security Builder GSE, Security Builder IPSec, Security Builder Middleware,Security Builder PKI, Security Builder SSL, movianVPN, movianCrypt and movianMail are trademarks or registered trademarks of Certicom Corp. All other companies and products listed herein are trademarks or registered trademarks of their respective holders.
Forward-Looking Statements Except for historical information contained herein, this news release contains forward-looking statements that involve risks and uncertainties. Actual results may differ materially. Factors that might cause a difference include, but are not limited to, those relating to the acceptance of mobile and wireless devices and the continued growth of e-commerce and m-commerce, the increase of the demand for mutual authentication in m-commerce transactions, the acceptance of Elliptic Curve Cryptography (ECC) technology as an industry standard, the market acceptance of our principal products and sales of our customer's products, the impact of competitive products and technologies, the possibility of our products infringing patents and other intellectual property of fourth parties, and costs of product development. Certicom will not update these forward-looking statements to reflect events or circumstances after the date hereof. More detailed information about potential factors that could affect Certicom's financial results is included in the documents Certicom files from time to time with the Canadian securities regulatory authorities.
The shares of the company described above have been offered only to qualified institutional buyers in reliance on Rule 144A under the Securities Act of 1933, as amended (the "Securities Act"), and outside the United States pursuant to Regulation S of the Securities Act. The shares have not been registered under the Securities Act and may not be offered or sold in the United States or to a U.S. Person absent registration or an applicable exemption from registration requirements.
This press release does not constitute an offer to sell or the solicitation of an offer to buy any security and shall not constitute an offer, solicitation or sale in any jurisdiction in which such offering would be unlawful.