Certicom's cryptographic plug-in allows OpenSSL applications to be Suite B and FIPS compliant

MISSISSAUGA, Ontario- (June 26, 2007) Certicom (TSX: CIC) today announced Security Builder API for Open Source to help OpenSSL developers easily add elliptic curve cryptography (ECC) to their applications. The SSL shim, or abstraction layer, allows developers to plug SSL applications into Certicom's software cryptographic providers that include elliptic curve and Suite B algorithms as well as a pre-approved FIPS-140-2 cryptographic module.

The small size of ECC algorithms is the main driver behind its growing popularity in both commercial and government sectors. This efficiency (more security per bit) offers performance improvements with little impact on battery life and memory. For example, the use of 224-bit ECC in OpenSSL could increase performance by 3x on Apache Web Servers, resulting in 3x as many transactions being processed in a given timeframe[1]. OpenSSL is the security layer used by Apache Web Server, the most dominant Web server on the Internet.

The efficiency of ECC also results in a longer cryptographic life span, which was one of the main drivers behind the National Security Agency (NSA) identifying ECC-based security mechanisms in Suite B, the recommended guidelines for protecting government communications.

"ECC offers tremendous performance and security advantages and we're providing an easy way for developers to add it to their SSL application without the need to re-code," said Jim Alfred, director of product management at Certicom. 
Security Builder API for Open Source is a cost-effective way for OpenSSL developers to support ECC, including Suite B algorithms, and be FIPS 140-2 compliant. Pricing depends on the customer's platform requirements and includes developer licenses, royalties, and support services. It is available immediately. For more information, visit www.certicom.com.

[1] Tests conducted by Sun Microsystems and presented at the RSA Conference, 2007

About Certicom

Certicom protects the value of your content, applications and devices with government-approved security. Adopted by the National Security Agency (NSA) for classified and sensitive but unclassified government communications, Elliptic Curve Cryptography (ECC) provides the most security per bit of any known public-key scheme. As the undisputed leader in ECC, Certicom security offerings are currently licensed to more than 300 customers including General Dynamics, Motorola, Oracle, Research In Motion and Unisys. Founded in 1985, Certicom's corporate offices are in Mississauga, ON, Canada with worldwide sales and marketing headquarters in Reston, VA and offices in the US, Canada and Europe. Visit www.certicom.com

For further information, please contact:

For Certicom:
John Conrad
Merritt Group Inc.

Certicom, Certicom ECC Core, Certicom Security Architecture, Certicom Trust Infrastructure, Certicom CodeSign, Certicom KeyInject, Security Builder, Security Builder API, Security Builder BSP, Security Builder Crypto, Security Builder ETS, Security Builder GSE, Security Builder IPSec, Security Builder MCE, Security Builder NSE, Security Builder PKI and Security Builder SSL are trademarks or registered trademarks of Certicom Corp. All other companies and products listed herein are trademarks or registered trademarks of their respective holders. Information subject to change.
Except for historical information contained herein, this news release contains forward-looking statements that involve risks and uncertainties. Factors which could cause actual results or events to differ materially from current expectations include, among other things: the ability of the Company to successfully implement its strategic initiatives and whether such strategic initiatives will yield the expected benefits; the ability of the Company to develop, promote and protect its proprietary technology security breaches or defects in the Company's products; competitive conditions in the businesses in which the Company participates; changes in consumer spending; the outcome of legal proceedings as they arise; general economic conditions and normal business uncertainty; consolidation in the Company's industry and by its customers; customer preferences towards product offerings; the risk that customers may cancel their contracts with the Company; reliance on a limited number of customers; demand for ECC-based technology; performance of the Company's management team and the Company’s ability to attract and retain skilled employees; operating the Company's business profitably; fluctuations in revenue and foreign currency exchange rates; interest rate fluctuations and other changes in borrowing costs; the ability to develop and maintain strategic relationships; and other factors identified under the heading "Risk Factors" in the Company's annual information form dated July 26, 2006 and filed on SEDAR at www.sedar.com.