Certicom’s Two-Dimensional Bar Code Technology Ensures Customer Privacy While Introducing New Efficiencies to the Travel Experience

MISSISSAUGA, Ontario – (April 16, 2008) Certicom Corp. (TSX: CIC) today announced that Continental Airlines, the world’s fifth largest airline, has selected Certicom’s two-dimensional (2D) bar code technology, based on Elliptic Curve Cryptography (ECC).

Leveraging Certicom’s bar code technology, Continental became the first U.S. airline to enable its customers to check-in and board flights using their secure mobile devices – such as a cell phone or PDA. This benefit is part of a larger bar code technology initiative being considered by the International Air Transport Association (IATA).

While many airlines today use 2D bar codes on boarding passes, the technology is not implemented universally. To expedite this migration, IATA has set a deadline for the end of 2010 for full implementation of 2D bar code technology. According to IATA, bar code technology could save the airline industry more than $500 million annually.

Certicom’s ECC-based technology offers new benefits when compared with today’s RSA encryption. Most notably, ECC key sizes are much smaller – 163 bits versus 1024 bits for RSA – offering the most security-per-bit of any public key cryptographic algorithm. As a result, a smaller signature is added to the bar code, requiring less “real estate” on printed tickets or mobile device screens. The Certicom solution uses standards-based digital signatures which are capable of providing authentication and customer privacy, allowing personal passenger information, i.e., a passenger’s frequent flyer or drivers’ license number, to be securely encrypted within the digital signature.

For Continental, having a smaller, more secure bar code is critical for mobile device check-in and boarding simply because small barcodes scan more reliably, reducing scan errors and saving valuable time at security checkpoints. Using less space for signatures provides more room for passenger and airline data, making Certicom digital signature technology ideal. “Continental is able to deliver a consistent, reliable experience to all customers using mobile boarding passes as a result of the technology provided by Certicom,” said Jared Miller, Director, Customer Self-Service, Continental Airlines.

Certicom Security for Bar Code Authentication is a solution that addresses key management, authentication, privacy and infrastructure security requirements in one comprehensive package for solution providers, end users and bar code reader manufacturers. The solution offers “anywhere, anytime” authentication and data encryption by bar code readers that are off-network – a common scenario in many bar code applications. Furthermore, the solution can support RFID and 2D bar codes simultaneously, enabling companies to bolster the security behind their logistics tracking efforts even more.

“Two-dimensional bar code technology is rapidly growing in popularity because it is inexpensive to implement and provides much more security than one-dimensional bar codes, which are commonly used for product identification,” said Mike Harvey, Senior Product Management for Certicom. “This technology has the ability to be used in a wide range of travel industry applications, including mobile and web-based ticketing. In addition, it applies not just to people traveling, but also to the larger air freight industry including baggage carriers where barcodes can contain private passenger or shipment information.Certicom’s solution protects the privacy of the traveler and ensures the authenticity of the package, all in real-time without having to rely on distant online databases.”

About Certicom Security for Bar Code Authentication

There are three vital components at the heart of Certicom’s Security for Bar Code Authentication offering: the Certicom Signing Appliance, the Certicom Authentication Agent and the Certicom Key Management Service. The Certicom Signing Appliance is a robust metered signing appliance that uses standards-based digital signatures to add authentication and privacy to bar codes with high-speed performance. The Certicom Authentication Agent is a software library for decrypting and storing keys on leading handheld devices running WinCE .NET. The Certicom Key Management Service is a key management and application provisioning service that is underpinned by Certicom’s off-line Certificate Authority (CA) and capable of updating fielded RFID and bar code readers.

About Certicom

Certicom protects the value of content, applications and devices with government-approved security. Adopted by the National Security Agency (NSA) for government communications, Elliptic Curve Cryptography (ECC) provides the most security per bit of any known public-key scheme. As the global leader in ECC, Certicom security offerings are currently licensed to more than 300 customers including General Dynamics, Motorola, Oracle, Research In Motion and Unisys. Founded in 1985, Certicom's corporate offices are in Mississauga, Ontario, Canada with worldwide sales and marketing headquarters in Reston, Virginia and offices in the U.S., Canada, Europe and China. Visit www.certicom.com.

For further information, please contact:

For Certicom:
John Conrad
Merritt Group Inc.

Certicom, Certicom Security Architecture, Certicom Trust Infrastructure, Certicom CodeSign, Certicom KeyInject, Security Builder, Security Builder API, Security Builder BSP, Security Builder Crypto, Security Builder ETS, Security Builder GSE, Security Builder IPSec, Security Builder NSE, Security Builder PKI and Security Builder SSL are trademarks or registered trademarks of Certicom Corp. All other companies and products listed herein are trademarks or registered trademarks of their respective holders. Information subject to change.
Except for historical information contained herein, this news release contains forward-looking statements that involve risks and uncertainties. Forward-looking information includes information concerning the Company's future financial performance, business strategy, plans, goals and objectives. When used in such documents, the words "plans", "expects", "budget", "scheduled", "estimates", "forecasts", "intends", "anticipates", "will", "believes" or variations of such words and phrases often, but not always, identify forward looking statements. Factors which could cause actual results or events to differ materially from current expectations include, among other things: the ability of the Company to successfully implement its strategic initiatives and whether such strategic initiatives will yield the expected benefits; the ability of the Company to develop, promote and protect its proprietary technology security breaches or defects in the Company's products; competitive conditions in the businesses in which the Company participates; changes in consumer spending; the outcome of legal proceedings as they arise; general economic conditions and normal business uncertainty; consolidation in the Company's industry and by its customers; customer preferences towards product offerings; the risk that customers may cancel their contracts with the Company; reliance on a limited number of customers; demand for ECC-based technology; performance of the Company's management team and the Company's ability to attract and retain skilled employees; operating the Company's business profitably; fluctuations in revenue and foreign currency exchange rates; interest rate fluctuations and other changes in borrowing costs; the ability to develop and maintain strategic relationships; and other factors identified under the heading "Risk Factors" in the Company's annual information form dated July 26, 2007 and filed on SEDAR at www.sedar.com.