nCipher to use ECC in hardware security modules to meet enterprise demand and government requirements

MISSISSAUGA, Ontario – (October 3, 2005)– Certicom Corp. (TSX: CIC) today announced that nCipher has licensed Certicom's intellectual property portfolio to meet customer demand for elliptic curve cryptography (ECC) and also to meet the latest requirements from the National Security Agency (NSA) for securing classified and unclassified government communications. This agreement allows nCipher to use ECC and other related Certicom patents as the public-key security technology in its hardware security modules and software solutions.

Increasingly, corporations and government organizations are using ECC to protect mission critical applications and in turn want ECC keys protected in hardware security modules (HSM)-nCipher's core business. HSMs are used by organizations to protect cryptographic key material from physical or electronic tampering thereby ensuring that an organization's keys are secure and the software security mechanisms themselves are protected. nCipher's unique SecurityWorld™ key management architecture is now able to protect ECC keys throughout their complete lifecycle.

"The adoption of ECC has turned a corner during the past 18 months and is increasingly demanded by many of our customers. This is a sure sign that the market for ECC has matured and is beginning to go mainstream," said Dr Nicko van Someren, chief technology officer at nCipher. "The heightened awareness for security has led to a desire to better understand cryptographic systems. Not only has the NSA recognized the value of ECC, customers too appreciate the value it offers in terms of strength, efficient size and longevity."

nCipher has built its reputation on meeting customer needs and industry standards. The company's HSMs are flexible with support for many application programming interfaces (API) including PKCS #11, and multiple curves from NIST and ANSI, as well as custom curves. nCipher's HSMs are validated to FIPS 140-2 level 3 and nCipher was the second company to receive FIPS 186-2 Validation for ECDSA (Certicom was number one). Now through this agreement with Certicom, nCipher will also meet the complete NSA Suite B requirements.

The NSA specifications-known as Suite B-require ECC for key agreement and digital signatures and the advanced encryption standard (AES) for encryption[1]. Suite B is one of the initiatives undertaken by the U.S. government under its Crypto Modernization Program to promote interoperability while ensuring strong security to protect government communications.

"As a leading player in the security industry, nCipher understands cryptography and the value of ECC," said Ian McKinnon, president and CEO of Certicom. "By supporting the ECC algorithms being used by its customers and by meeting NSA's Suite B requirements, nCipher continues to stay at the forefront of its industry, offering best-in-class security solutions for the government and commercial sectors."

ECC is a computationally efficient form of cryptography that offers equivalent security to other competing technologies but with much smaller key sizes. This results in faster computations, lower power consumption, as well as memory and bandwidth savings, thereby making it ideal for today's resource-constrained environments. Certicom's patent portfolio covers many key aspects of cryptography and ECC in particular, including software optimizations, efficient hardware implementations, methods to enhance the security, and various cryptographic protocols.

nCipher's range of HSMs protects cryptographic keys in a highly secure hardware environment, enabling them to be effectively managed and safely stored. Every nCipher HSM has received an independent FIPS 140-2 security validation, the de facto security benchmark for cryptographic modules.

nCipher currently supports ECC in the nShield™ 800 and netHSM™ 800 model HSMs. The products feature FIPS-validated implementation of ECDSA plus support for ECDH key exchange protocol. nCipher's customers have already successfully deployed ECC-capable HSMs in a variety of security-critical market applications such as ID and passport issuance and digital media distribution. The products are suitable for both use with commercial security applications and the development of custom application logic using CipherTools™ and CodeSafe™ toolkits. nShield 800 and netHSM 800 are available from stock.

About nCipher 

nCipher is a leading provider of cryptographic security, enabling our customers to meet the challenges of verifying identity, protecting data and complying with security regulations. nCipher's solutions provide a unified approach to cryptographic management providing strict access controls and high assurance trusted processing, overcoming traditional issues of scalability, performance and weak platform security. The world's leading organizations work with nCipher to protect security critical systems such as web site infrastructure, online banking and payment processing networks, PKI, web services, databases and digital rights management schemes.

nCipher is the winner of the Microsoft Security Solution of the Year award 2004. The company is listed on the London Stock Exchange (LSE:NCH) and is a member of the FTSE TechMARK and index with offices in Cambridge, UK; Boston, Washington, Hamburg and Tokyo. For more information on nCipher, visit www.ncipher.com

About Certicom
Certicom Corp. (TSX:CIC) Certicom Corp. (TSX: CIC) is the authority for strong, efficient cryptography required by software vendors and device manufacturers to embed security in their products. Adopted by the U.S. government's National Security Agency (NSA), Certicom technologies for Elliptic-Curve Cryptography (ECC) provide the most security per bit of any known public-key scheme, making it ideal for resource-constrained environments. Certicom products and services are currently licensed to more than 300 customers including Motorola, Oracle, Research In Motion, Texas Instruments and Unisys. Founded in 1985, Certicom is headquartered in Mississauga, ON, Canada, with offices in Ottawa, ON; Reston, VA; San Mateo, CA; and London, England. Visit www.certicom.com.

For further information, please contact:

For Certicom    
Tim Cox Brendan Ziolo  
ZingPR Certicom Corp.  
(650) 369-7784 (613) 254-9267  
tim@zingpr.com bziolo@certicom.com
  1. For more information on Suite B, refer to the recently published information on the NSA site at: http://www.nsa.gov/ia/industry/crypto_suite_b.cfm?MenuID=10.2.7. For information on why the NSA choose ECC, visit: http://www.nsa.gov/ia/industry/crypto_elliptic_curve.cfm?MenuID=10.2.7
Certicom, Security Builder, Security Builder Crypto, Security Builder GSE, Security Builder IPSec, Security Builder Middleware,Security Builder PKI, Security Builder SSL, movianVPN, movianCrypt and movianMail are trademarks or registered trademarks of Certicom Corp. All other companies and products listed herein are trademarks or registered trademarks of their respective holders.
Except for historical information contained herein, this news release contains forward-looking statements that involve risks and uncertainties. Actual results may differ materially. Factors that might cause a difference include, but are not limited to, those relating to the acceptance of mobile and wireless devices and the continued growth of e-commerce and m-commerce, the increase of the demand for mutual authentication in m-commerce transactions, the acceptance of Elliptic Curve Cryptography (ECC) technology as an industry standard, the market acceptance of our principal products and sales of our customer's products, the impact of competitive products and technologies, the possibility of our products infringing patents and other intellectual property of fourth parties, and costs of product development. Certicom will not update these forward-looking statements to reflect events or circumstances after the date hereof. More detailed information about potential factors that could affect Certicom's financial results is included in the documents Certicom files from time to time with the Canadian securities regulatory authorities.
The shares of the company described above have been offered only to qualified institutional buyers in reliance on Rule 144A under the Securities Act of 1933, as amended (the "Securities Act"), and outside the United States pursuant to Regulation S of the Securities Act. The shares have not been registered under the Securities Act and may not be offered or sold in the United States or to a U.S. Person absent registration or an applicable exemption from registration requirements.
This press release does not constitute an offer to sell or the solicitation of an offer to buy any security and shall not constitute an offer, solicitation or sale in any jurisdiction in which such offering would be unlawful.