STANDARDS FOR EFFICIENT CRYPTOGRAPHY GROUP (SECG) ANNOUNCE NEW INITIATIVES

Elliptic Curve Cryptography protocol test site and test certificate authority to promote interoperability and facilitate faster time to-market

MISSISSAUGA, Ontario – (February 9, 2005)– Two new initiatives being spearheaded by the Standards for Efficient Cryptography Group (SECG) will help developers quickly and effectively test elliptic curve cryptography (ECC)-based implementations to facilitate faster time-to-market, according to Certicom, a founding member of SECG. Announced today, an ECC protocol test site and certificate authority (CA) will be available to SECG members in the spring of 2005.

The SECG, an industry consortium, was founded in 1998 to develop commercial standards that facilitate the adoption of efficient cryptography and interoperability across a wide range of computing platforms. Where standards already exist, SECG may promote a refined, peer-reviewed profile of the broader standard to promote adoption and interoperability. The SECG also provides guidance to governments and organizations that are developing cryptographic standards.

The initiatives announced today include:

  • ECC protocol test site: developers will be able to vet their protocol implementations against reference implementations to test interoperability. Each test-such as Transport Layer Security (TLS) and S/MIME protocols-has been peer-reviewed by the leading ECC and protocol authorities.
  • ECC-based certificate authority: the group will issue free ECC-based certificates for testing and prototyping.

"SECG's role is to make it easier to use ECC by promoting practical standards, interoperability and by providing mechanisms to test implementations and prototypes," said William Lattin, chair of SECG. "Recent developments, such as advances in the cryptographic world and U.S. government security initiatives, have elevated the need for ECC and for resources like ours."

"The work of SECG is valuable resource for companies committed to ECC," says Gloria Navarre, senior architect, Unisys Global Security Practice. "As Unisys develops next-generation ECC applications, such as our solutions to help banks embrace image exchange in check processing, and transform payments operations as a whole, we can take advantage of the expertise, interoperability and testing standards that SECG offers to provide new levels of security to our clients and their customers."

"SECG enables access to proven and effective algorithms and protocols to secure a communication channel between computers. It is particularly important when communicating computers have limiting computational resources and when the bandwidth of the channel has limiting capacity. This is the case of important mailing applications where Pitney Bowes has established a strong leadership position worldwide. In addition SECG allows to have a common foundation for all communication security needs regardless of the limiting factors. This in turn enables interoperability between a broad variety of applications," said Dr. Leon Pintsov, Pitney Bowes Fellow and vice president, International Standards and Advanced Technology.

ECC, a computationally efficient form of cryptography, is used in a growing number of sectors ranging from consumer electronics, embedded devices and semiconductors to government and financial services. Several changes have spurred the adoption of ECC. The first is the need for a stronger public-key cryptosystem that doesn't affect performance. For example, a high security encryption algorithm like the Advanced Encryption Standard (AES) demands equivalent security for the accompanying digital signatures and key exchanges. To achieve this level of security without overwhelming the processors of most mobile devices, developers would need ECC, which offers equivalent security to other competing technologies but with much smaller key sizes. The second is the National Security Agency's recent decision to name ECC the public-key cryptosystem needed to meet the new, stronger security requirements under its crypto modernization program.

The SECG is open to all interested parties who are willing to contribute to the ECC standards development process. To become a member of the SECG, simply send an email to the SECG mailing list ( secg-talk-request@lists.certicom.com) with the word "SUBSCRIBE" in the subject line. To find out more about SECG and to download the latest standards, visit www.secg.org, or visit us at the RSA conference, in the Certicom booth #430, February 14-18, Moscone Center, San Francisco.

About SECG
The Standards for Efficient Cryptography Group (SECG) is an industry consortium for the development of standards based upon Elliptic Curve Cryptography (ECC). It was chartered to develop commercial standards that specify the basis for creating interoperable, cost-effective security solutions across a wide range of computing platforms. The SECG was founded in 1998 by Certicom and currently includes member companies such as: Entrust, Fujitsu, Pitney Bowes, Unisys and Visa International. Visit www.secg.org.

About Certicom
Certicom Corp. (TSX: CIC) is the authority for strong, efficient cryptography required by software vendors and device manufacturers to embed security in their products. Adopted by the US government's National Security Agency (NSA), Certicom technologies for Elliptic Curve Cryptography (ECC) provide the most security per bit of any known public key scheme, making it ideal for constrained environments. Visit www.certicom.com.

About Pitney Bowes
Pitney Bowes is the world's leading provider of integrated mail and document management systems, services and solutions. The $5 billion company helps organizations of all sizes efficiently and effectively manage their mission-critical mail and document flow in physical, digital and hybrid formats. Its solutions range from addressing software and metering systems to print stream management, electronic bill presentment and presort mail services. With approximately 33,000 employees worldwide, Pitney Bowes serves more than 2 million businesses through direct and dealer operations. For more information about Pitney Bowes please visit http://www.pb.com.

About Unisys
Unisys is a worldwide information technology services and solutions company. Our people combine expertise in consulting, systems integration, outsourcing, infrastructure and server technology with precision thinking and relentless execution to help clients, in more than 100 countries, quickly and efficiently achieve competitive advantage. For more information, visit www.unisys.com.

Certicom, Security Builder, Security Builder Crypto, Security Builder GSE, Security Builder IPSec, Security Builder Middleware,Security Builder PKI, Security Builder SSL, movianVPN, movianCrypt and movianMail are trademarks or registered trademarks of Certicom Corp. All other companies and products listed herein are trademarks or registered trademarks of their respective holders.

Forward-Looking Statements
Except for historical information contained herein, this news release contains forward-looking statements that involve risks and uncertainties. Actual results may differ materially. Factors that might cause a difference include, but are not limited to, those relating to the acceptance of mobile and wireless devices and the continued growth of e-commerce and m-commerce, the increase of the demand for mutual authentication in m-commerce transactions, the acceptance of Elliptic Curve Cryptography (ECC) technology as an industry standard, the market acceptance of our principal products and sales of our customer's products, the impact of competitive products and technologies, the possibility of our products infringing patents and other intellectual property of fourth parties, and costs of product development. Certicom will not update these forward-looking statements to reflect events or circumstances after the date hereof. More detailed information about potential factors that could affect Certicom's financial results is included in the documents Certicom files from time to time with the Canadian securities regulatory authorities.

The shares of the company described above have been offered only to qualified institutional buyers in reliance on Rule 144A under the Securities Act of 1933, as amended (the "Securities Act"), and outside the United States pursuant to Regulation S of the Securities Act. The shares have not been registered under the Securities Act and may not be offered or sold in the United States or to a U.S. Person absent registration or an applicable exemption from registration requirements.

This press release does not constitute an offer to sell or the solicitation of an offer to buy any security and shall not constitute an offer, solicitation or sale in any jurisdiction in which such offering would be unlawful.

For further information, please contact:

For Certicom    
Tim Cox Brendan Ziolo  
ZingPR Certicom Corp.  
(650) 369-7784 (613) 254-9267  
tim@zingpr.com bziolo@certicom.com