Certicom technology supports re-keying function, leading gateways and popular platforms

MISSISSAUGA, Ontario – (January 24, 2006) – Switching between WiFi and cellular access points without dropping the secure virtual private network (VPN) session is a major challenge faced by dual-mode handset manufacturers. Varaha overcomes this issue with software that provides a transparent "re-keying" function and is using Certicom's Security Builder IPSec technology to provide the secure VPN session for voice and data applications over existing IP infrastructure, Certicom Corp. (TSX: CIC) today announced. Re-keying is the ability to switch between different networks (e.g. WiFi, UMTS, GPRS) without losing the signal or compromising security.

The ability to support re-keying is just one of several reasons that Varaha chose Certicom. Interoperability is another. Certicom's IPSec technology supports popular gateways, including those from Nortel, Cisco and Checkpoint, as well as leading platforms, such as Windows CE and Symbian, thereby giving manufacturers flexibility and choice in building their devices. Security Builder IPSec also supports the Internet Engineering Task Force (IETF) IKEv2, a proposed protocol to exchange the cryptographic keys used to encrypt data over an IPSec tunnel.

"Convergence offers great promise of lower costs for the end user but it is more susceptible to attacks than conventional telephone systems. By building strong security into our solution, we help gateway vendors and device manufacturers overcome that hurdle," said Prasad Govindarajan, CTO of Varaha. "Technically, Certicom's IPSec technology provides the flexibility and strength we need. And, from our customers' perspective, we offer an IPSec VPN that is backed by a team with 20 years of experience in proven security technology."

Certicom's experience has resulted in an IPSec module that helps companies like Varaha build a VPN client that is one-tenth the size of desktop versions but with equivalent functionality. It is one of several security services modules that comprise the Certicom Security Architecture, a comprehensive, modular and portable solution designed to allow developers to quickly and cost-effectively embed security across multiple families and generations of devices.

"An early entrant in the convergence market, Varaha is leading the way with its emphasis on strong, efficient security," said Ian McKinnon, president and CEO of Certicom. "By working with Certicom, Varaha offers its customers the confidence that the security used has been tried and proven."

Under the agreement, Varaha will pay a one-time license fee, entitling them to deploy a fixed number of seats. The agreement provides for additional revenue through royalties.

About Varaha
Varaha Systems, an emerging leader in the mobile convergence industry, continues to operate in stealth mode with a revenue track record. The company's flagship product, the Service Convergence Appliance (SCA), has been deployed for secure data handoff capability from Wi-Fi to cellular (GPRS/EDGE, 1xRTT/EV-DO, etc.), Wi-Fi access point to access point, and Wi-Fi packet network to cellular circuit-switched network handoffs for over 12 months in mission-critical applications. The company is well positioned to lead the wireless convergence market with completion of a successful trial with one of the top five wireless service providers in the world and multiple ongoing enterprise deployments. Varaha Systems' international headquarters is in Dallas, Texas, with an R&D facility in India and sales offices in Europe and Dallas. The company can be reached through the web site at or by email

About Certicom
Certicom protects the value of your content, software and devices with government-approved security. Adopted by the National Security Agency (NSA) for classified and sensitive but unclassified government communications, Elliptic Curve Cryptography (ECC) provides the most security per bit of any known public-key scheme. As the undisputed leader in ECC, Certicom security offerings are currently licensed to more than 300 customers including General Dynamics, Motorola, Oracle, Research In Motion and Unisys. Founded in 1985, Certicom's corporate offices are in Mississauga, ON, Canada with worldwide sales headquarters in Reston, VA and offices in the US, Canada and Europe. Visit

Certicom, Certicom Security Architecture, Certicom Trust Infrastructure, Certicom CodeSign, Certicom KeyInject, Security Builder, Security Builder API, Security Builder BSP, Security Builder Crypto, Security Builder ETS, Security Builder GSE, Security Builder IPSec, Security Builder NSE, Security Builder PKI and Security Builder SSL are trademarks or registered trademarks of Certicom Corp. All other companies and products listed herein are trademarks or registered trademarks of their respective holders.
Except for historical information contained herein, this news release contains forward-looking statements that involve risks and uncertainties. Actual results may differ materially. Factors that might cause a difference include, but are not limited to, those relating to the acceptance of mobile and wireless devices and the continued growth of e-commerce and m-commerce, the increase of the demand for mutual authentication in m-commerce transactions, the acceptance of Elliptic Curve Cryptography (ECC) technology as an industry standard, the market acceptance of our principal products and sales of our customer's products, the impact of competitive products and technologies, the possibility of our products infringing patents and other intellectual property of fourth parties, and costs of product development. Certicom will not update these forward-looking statements to reflect events or circumstances after the date hereof. More detailed information about potential factors that could affect Certicom's financial results is included in the documents Certicom files from time to time with the Canadian securities regulatory authorities.
The shares of the company described above have been offered only to qualified institutional buyers in reliance on Rule 144A under the Securities Act of 1933, as amended (the "Securities Act"), and outside the United States pursuant to Regulation S of the Securities Act. The shares have not been registered under the Securities Act and may not be offered or sold in the United States or to a U.S. Person absent registration or an applicable exemption from registration requirements.
This press release does not constitute an offer to sell or the solicitation of an offer to buy any security and shall not constitute an offer, solicitation or sale in any jurisdiction in which such offering would be unlawful.