Security Builder GSE enables device manufacturers and software vendors to efficiently meet U.S. federal government requirements

Mississauga, Ontario (May 24, 2005) – With the recent FIPS 140-2 validation of Security Builder GSE-C, the Certicom Security Architecture makes it easier and faster for device manufacturers and software vendors to sell into the U.S. federal government. Regarded as the authority for strong, efficient cryptography, Certicom Corp (TSX: CIC) enables companies to add government-approved security to their products without undergoing the time-consuming and costly Federal Information Processing Standards (FIPS) process as set out by the National Institute of Standards and Technology (NIST).

Security Builder GSE includes the first FIPS 140-2-validated security module to include several elliptic-curve cryptography (ECC)-based algorithms such as Elliptic Curve Diffie-Hellman (ECDH) and Elliptic Curve Menezes-Qu-Vanstone (ECMQV) for key agreement, and the FIPS 186-2-validated elliptic-curve digital signature algorithm (ECDSA) for authentication. It supports the leading mobile and server platforms and includes cryptography implementations to help companies adopt the National Security Agency (NSA) Suite B public-key recommendations.

For the past few years, the U.S. government (through the NSA) has given its nod to elliptic-curve cryptography-based security schemes. With the recently announced NSA Suite B recommendations and entry into the FIPS validation process, ECC is poised to become the dominant public-key cryptography used to protect U.S. government information. By using ECC-based algorithms now, companies get a jump-start on meeting the government's new recommendations.

"The adoption of ECC within the U.S federal government is progressing quickly and Certicom is taking a leadership role in enabling companies to integrate ECC-based technology into their products," said Jim Alfred, director of product management at Certicom. "By selecting Certicom, companies not only qualify as having FIPS 140-2-validated modules, they also benefit from Certicom's efficient implementations and years of expertise in this area."

FIPS 140-2 validation is considered a benchmark for security in government. It assures users that a specific security technology has passed rigorous testing under the CAVP (Cryptographic Algorithm Validation Program) and CMVP (Cryptographic Module Validation Program) by an accredited third-party laboratory, and can be used to secure sensitive information.

Security Builder GSE acts as a software-based cryptographic provider within the Certicom® Security Architecture™ - a comprehensive, modular and portable solution designed to allow developers to quickly and cost-effectively embed security into applications, and across multiple families and generations of devices. The modular architecture allows the higher level toolkits, SSL, IPSec and PKI to utilize the Security Builder GSE module in FIPS mode. A common application programming interface (API) unifies Certicom's modules to create a plug-and-play security architecture.

For more information on the Certicom Security Architecture and Security Builder GSE, visit http://www.certicom.com/csa.

About Certicom
Certicom Corp. (TSX:CIC) is the authority for strong, efficient cryptography required by software vendors and device manufacturers to embed security in their products. Adopted by the U.S. government’s National Security Agency (NSA), Certicom technologies for Elliptic Curve Cryptography (ECC) provide the most security per bit of any known public key scheme, making it ideal for constrained environments. Certicom products and services are currently licensed to more than 300 customers including Motorola, Oracle, Research In Motion, Terayon, Texas Instruments and Unisys. Founded in 1985, Certicom is headquartered in Mississauga, ON, Canada, with offices in Ottawa, ON; Reston, VA; San Mateo, CA; and London, England. Visit www.certicom.com.

For further information, please contact: