Security Builder GSE enables device manufacturers and software vendors to efficiently meet U.S. federal government requirements

Mississauga, Ontario (May 24, 2005) – With the recent FIPS 140-2 validation of Security Builder GSE-C, the Certicom Security Architecture makes it easier and faster for device manufacturers and software vendors to sell into the U.S. federal government. Regarded as the authority for strong, efficient cryptography, Certicom Corp (TSX: CIC) enables companies to add government-approved security to their products without undergoing the time-consuming and costly Federal Information Processing Standards (FIPS) process as set out by the National Institute of Standards and Technology (NIST).

Security Builder GSE includes the first FIPS 140-2-validated security module to include several elliptic-curve cryptography (ECC)-based algorithms such as Elliptic Curve Diffie-Hellman (ECDH) and Elliptic Curve Menezes-Qu-Vanstone (ECMQV) for key agreement, and the FIPS 186-2-validated elliptic-curve digital signature algorithm (ECDSA) for authentication. It supports the leading mobile and server platforms and includes cryptography implementations to help companies adopt the National Security Agency (NSA) Suite B public-key recommendations.

For the past few years, the U.S. government (through the NSA) has given its nod to elliptic-curve cryptography-based security schemes. With the recently announced NSA Suite B recommendations and entry into the FIPS validation process, ECC is poised to become the dominant public-key cryptography used to protect U.S. government information. By using ECC-based algorithms now, companies get a jump-start on meeting the government's new recommendations.

"The adoption of ECC within the U.S federal government is progressing quickly and Certicom is taking a leadership role in enabling companies to integrate ECC-based technology into their products," said Jim Alfred, director of product management at Certicom. "By selecting Certicom, companies not only qualify as having FIPS 140-2-validated modules, they also benefit from Certicom's efficient implementations and years of expertise in this area."

FIPS 140-2 validation is considered a benchmark for security in government. It assures users that a specific security technology has passed rigorous testing under the CAVP (Cryptographic Algorithm Validation Program) and CMVP (Cryptographic Module Validation Program) by an accredited third-party laboratory, and can be used to secure sensitive information.

Security Builder GSE acts as a software-based cryptographic provider within the Certicom® Security Architecture™ - a comprehensive, modular and portable solution designed to allow developers to quickly and cost-effectively embed security into applications, and across multiple families and generations of devices. The modular architecture allows the higher level toolkits, SSL, IPSec and PKI to utilize the Security Builder GSE module in FIPS mode. A common application programming interface (API) unifies Certicom's modules to create a plug-and-play security architecture.

For more information on the Certicom Security Architecture and Security Builder GSE, visit http://www.certicom.com/csa.

About Certicom
Certicom Corp. (TSX:CIC) is the authority for strong, efficient cryptography required by software vendors and device manufacturers to embed security in their products. Adopted by the U.S. government’s National Security Agency (NSA), Certicom technologies for Elliptic Curve Cryptography (ECC) provide the most security per bit of any known public key scheme, making it ideal for constrained environments. Certicom products and services are currently licensed to more than 300 customers including Motorola, Oracle, Research In Motion, Terayon, Texas Instruments and Unisys. Founded in 1985, Certicom is headquartered in Mississauga, ON, Canada, with offices in Ottawa, ON; Reston, VA; San Mateo, CA; and London, England. Visit www.certicom.com.

For further information, please contact:

Investors and Analysts Media  
Hervé Séguin Brendan Ziolo  
Chief Financial Officer Director of Marketing  
(905) 501-3827 (613) 254-9267  
hseguin@certicom.com bziolo@certicom.com
Certicom, Certicom Security Architecture, Certicom CodeSign, Security Builder, Security Builder BSP, Security Builder API, Security Builder Crypto, Security Builder IPSec, Security Builder SSL, Security Builder PKI, Security Builder NSE and Security Builder GSE are trademarks or registered trademarks of Certicom Corp. All other companies and products listed herein are trademarks or registered trademarks of their respective holders.
Except for historical information contained herein, this news release contains forward-looking statements that involve risks and uncertainties. Actual results may differ materially. Factors that might cause a difference include, but are not limited to, those relating to the acceptance of mobile and wireless devices and the continued growth of e-commerce and m-commerce, the increase of the demand for mutual authentication in m-commerce transactions, the acceptance of Elliptic Curve Cryptography (ECC) technology as an industry standard, the market acceptance of our principal products and sales of our customer’s products, the impact of competitive products and technologies, the possibility of our products infringing patents and other intellectual property of fourth parties, and costs of product development. Certicom will not update these forward-looking statements to reflect events or circumstances after the date hereof. More detailed information about potential factors that could affect Certicom’s financial results is included in the documents Certicom files from time to time with the Canadian securities regulatory authorities.