Certicom's ECC-based solutions enable government contractors to add security that meets NSA guidelines

MISSISSAUGA, Ontario – (March 2, 2005)– Elliptic Curve Cryptography (ECC), a strong, efficient public key cryptosystem, will soon become the standard to protect U.S. government communications. On February 16, 2005 at the RSA conference, the National Security Agency (NSA) presented its strategy and recommendations for securing U.S. government sensitive and unclassified communications. The strategy included a recommended set of advanced cryptography algorithms known as Suite B for securing sensitive but unclassified data.

The only public key protocols included in Suite B are Elliptic Curve Menezes-Qu-Vanstone (ECMQV) and Elliptic Curve Diffie-Hellman (ECDH) for key agreement and Elliptic Curve Digital Signature Algorithm (ECDSA) for authentication. The Advanced Encryption Standard (AES) for data encryption and SHA for hashing are also included. All of the Suite B algorithms are consistent with the National Institute of Standards and Technology (NIST) publications.

Interoperability and information sharing are two key principles in the NSA strategy. In his remarks, Daniel Wolf, the NSA's information assurance director discussed the importance of sharing information between departments and using consistent and strong standards to protect that information. The NSA recommends that the same level of security that is used to protect mission critical information-ECC-based protocols-now be extended to protect sensitive and unclassified data.

"The NSA strategy is major news for the security industry and all government agencies or suppliers because it sets the security standards for at least the next few decades. The NSA has stated that there are more than 1.3 million cryptographic devices in the U.S. inventory, over 75 percent of which will be replaced during the next decade under the U.S. Crypto Modernization Program," said Dr. Scott Vanstone, Certicom's founder & executive vice-president strategic technology. "A system is only as strong as its weakest link. By using the same high level of protection for all communications, especially security that is standards-based and interoperable, agencies and all organizations can establish a trusted system that is much harder to compromise."

ECC is a publicly-available algorithm and Certicom is known as the ECC pioneer and expert, having researched and developed ECC-based implementations and security for the past 20 years. In 1997, Certicom developed the industry's first toolkit to include ECC which has since been adopted by over 300 organizations. Today, its Certicom Security Architecture, a modular set of security services, software cryptographic providers (including a FIPS 140-2 Validated cryptographic module), and board support packages, enables device manufacturers and other government suppliers to easily add strong, efficient cryptography that meets the NSA recommendations and NIST publications.


Certicom Corp. (TSX: CIC) is the authority for strong, efficient cryptography required by software vendors and device manufacturers to embed security in their products. Adopted by the US government's National Security Agency (NSA), Certicom technologies for Elliptic Curve Cryptography (ECC) provide the most security per bit of any known public key scheme, making it ideal for constrained environments. Certicom products and services are currently licensed to more than 300 customers including Motorola, Oracle, Research In Motion, Terayon, Texas Instruments and Unisys. Founded in 1985, Certicom is headquartered in Mississauga, ON, Canada, with offices in Ottawa, ON; Reston, VA; San Mateo, CA; and London, England. Visit www.certicom.com.

For further information, please contact:

For Certicom    
Tim Cox Brendan Ziolo  
ZingPR Certicom Corp.  
(650) 369-7784 (613) 254-9267  
tim@zingpr.com bziolo@certicom.com
Certicom, Security Builder, Security Builder Crypto, Security Builder GSE, Security Builder IPSec, Security Builder Middleware, Security Builder NSE, Security Builder PKI, Security Builder SSL, movianVPN, movianCrypt and movianMail are trademarks or registered trademarks of Certicom Corp. All other companies and products listed herein are trademarks or registered trademarks of their respective holders.
Except for historical information contained herein, this news release contains forward-looking statements that involve risks and uncertainties. Actual results may differ materially. Factors that might cause a difference include, but are not limited to, those relating to the acceptance of mobile and wireless devices and the continued growth of e-commerce and m-commerce, the increase of the demand for mutual authentication in m-commerce transactions, the acceptance of Elliptic Curve Cryptography (ECC) technology as an industry standard, the market acceptance of our principal products and sales of our customer's products, the impact of competitive products and technologies, the possibility of our products infringing patents and other intellectual property of fourth parties, and costs of product development. Certicom will not update these forward-looking statements to reflect events or circumstances after the date hereof. More detailed information about potential factors that could affect Certicom's financial results is included in the documents Certicom files from time to time with the Canadian securities regulatory authorities.
The shares of the company described above have been offered only to qualified institutional buyers in reliance on Rule 144A under the Securities Act of 1933, as amended (the "Securities Act"), and outside the United States pursuant to Regulation S of the Securities Act. The shares have not been registered under the Securities Act and may not be offered or sold in the United States or to a U.S. Person absent registration or an applicable exemption from registration requirements.
This press release does not constitute an offer to sell or the solicitation of an offer to buy any security and shall not constitute an offer, solicitation or sale in any jurisdiction in which such offering would be unlawful.