Validation of ECC-based algorithm another step in ECC standardization and widespread adoption

MISSISSAUGA, Ontario – (November 15, 2004)– Certicom Corp. (TSX: CIC), the authority for strong, efficient cryptography, today announced that that its implementation for the Elliptic Curve Digital Signature Algorithm (ECDSA) has earned the Federal Information Processing Standards (FIPS) 186-2 validation certification No.1 -making it the first company to receive the designation for an elliptic curve cryptography (ECC) -based algorithm.

This validation is particularly valuable for original equipment manufacturers (OEMs) and software vendors who sell to government organizations. By using Certicom's ECDSA implementation in their products, they meet FIPS requirements without undergoing the time-consuming and costly testing process. ECDSA is used to build in digital signature functionality and is a faster alternative to legacy algorithms.

For the cryptography community, and in particular proponents of ECC, the testing of ECC as part of the FIPS validation process is a significant step in the adoption of this public key cryptosystem. Considered a benchmark for security in government, a FIPS validation assures users that a given technology has passed rigorous testing by an accredited third party lab as set out by the National Institute of Standards for Technology (NIST) and can be used to secure sensitive information. Typically, it drives wide-scale adoption in government and in commercial sectors, particularly in the financial and healthcare sectors that recognize the significance of FIPS validation. This milestone in ECC's evolution follows last year's announcement from the National Security Agency (NSA) that ECC is a 'crucial technology'. Both events are part of the U.S. Government's crypto modernization program.

"A major hurdle to widespread adoption of any security technology is standardization. We witnessed that 25 years ago with the Data Encryption Standard (DES) and now are seeing it play out with Advanced Encryption Standards (AES), the successor to DES," said Scott Vanstone, founder and executive vice-president, strategic technology at Certicom. "As a complementary cryptosystem to AES, we can expect the same for ECC. By testing ECC-based algorithms in the FIPS certification process, NIST added a level of assurance that says they've done the due diligence on it and now organizations can be very comfortable adopting it."

ECC is a computationally efficient form of cryptography that offers equivalent security to other competing technologies but with much smaller key sizes. This results in faster computations, lower power consumption, as well as memory and bandwidth savings, thereby making it ideal for today's resource-constrained environments.

Certicom is considered a pioneer in ECC research and implementations, backed by 20 years of experience. The company developed the industry's first toolkit to include ECC, which has since been adopted by over 300 organizations. Tomorrow it will host the Certicom ECC Conference 2004, the first-ever conference that brings together Elliptic Curve Cryptography researchers, industry experts and users. During the two-day conference, participants from North America, Europe and Asia will discuss the evolution of ECC and share best implementation practices and insights for future applications.

About Certicom
Certicom Corp. (TSX:CIC) is the authority for strong, efficient cryptography required by software vendors and device manufacturers to embed security in their products. Adopted by the US Government’s National Security Agency (NSA), Certicom technologies for Elliptic Curve Cryptography (ECC) provide the most security per bit of any known public key scheme, making it ideal for constrained environments. Certicom products and services are currently licensed to more than 300 customers including Motorola, Oracle, Research In Motion, Terayon, Texas Instruments and Unisys. Founded in 1985, Certicom is headquartered in Mississauga, ON, Canada, with offices in Ottawa, ON; Reston, VA; San Mateo, CA; and London, England. Visit www.certicom.com.

For further information, please contact:

For Certicom    
Tim Cox Brendan Ziolo  
ZingPR Certicom Corp.  
(650) 369-7784 (613) 254-9267  
tim@zingpr.com bziolo@certicom.com
Certicom, Security Builder, Security Builder Crypto, Security Builder GSE, Security Builder IPSec, Security Builder Middleware,Security Builder PKI, Security Builder SSL, movianVPN, movianCrypt and movianMail are trademarks or registered trademarks of Certicom Corp. All other companies and products listed herein are trademarks or registered trademarks of their respective holders.
Forward-Looking Statements Except for historical information contained herein, this news release contains forward-looking statements that involve risks and uncertainties. Actual results may differ materially. Factors that might cause a difference include, but are not limited to, those relating to the acceptance of mobile and wireless devices and the continued growth of e-commerce and m-commerce, the increase of the demand for mutual authentication in m-commerce transactions, the acceptance of Elliptic Curve Cryptography (ECC) technology as an industry standard, the market acceptance of our principal products and sales of our customer's products, the impact of competitive products and technologies, the possibility of our products infringing patents and other intellectual property of fourth parties, and costs of product development. Certicom will not update these forward-looking statements to reflect events or circumstances after the date hereof. More detailed information about potential factors that could affect Certicom's financial results is included in the documents Certicom files from time to time with the Canadian securities regulatory authorities.
The shares of the company described above have been offered only to qualified institutional buyers in reliance on Rule 144A under the Securities Act of 1933, as amended (the "Securities Act"), and outside the United States pursuant to Regulation S of the Securities Act. The shares have not been registered under the Securities Act and may not be offered or sold in the United States or to a U.S. Person absent registration or an applicable exemption from registration requirements.
This press release does not constitute an offer to sell or the solicitation of an offer to buy any security and shall not constitute an offer, solicitation or sale in any jurisdiction in which such offering would be unlawful.