Certicom’s Elliptic Curve Cryptography Helps Energy and Utility Companies More Effectively Address Environmental and Conservation Issues

MISSISSAUGA, Ontario – (May 20, 2008) – Certicom Corp. (TSX: CIC) today launched its new Certicom Device Authentication Service for ZigBee Smart Energy enabling secure, low cost, low bandwidth networking. The service uses Certicom’s Device Certificate Authority to issue Elliptic Curve Qu Vanstone (ECQV) implicit certificates based on Elliptic Curve Cryptography (ECC) to secure wireless data communications and authenticate smart metering devices. As utility providers around the world embrace smart metering for more efficient energy management and to address environmental concerns, it is critical to ensure that their networks are protected from unauthorized access and that customer information is properly secured.

ECC provides state-of-the-art encryption for resource-constrained applications including ZigBee Smart Energy devices. ZigBee is the standard for (IEEE) 802.15.4 wireless devices enabling low-cost, low-bandwidth, mass-market networks. The standard is regulated by the ZigBee Alliance with over 250 members worldwide. ZigBee members, including Certicom, developed the ZigBee Smart Energy public application profile to meet the requirements of wireless smart metering applications such as demand response, load control and energy efficiency programs.

“Certicom’s innovations in ECC-based security protocols have enabled a robust ZigBee Smart Energy security architecture. With power and memory footprint at a premium in ZigBee devices, ECC delivers the performance we require,” said Skip Ashton, Vice President of Engineering for Ember Corporation, a leading provider of ZigBee networking systems.“Certicom’s Certificate Authority helps ensure that only trusted devices have access to the utility network. Certicom’s optimized security libraries - tightly integrated with Ember’s development platform - make it easy for our customers to comply with ZigBee Smart Energy.”

“Requiring all devices to be authenticated with digital certificates provides a solid foundation of trust and interoperability for ZigBee Smart Energy,” said Jim Alfred, director of Product Management for Certicom. “Our new device authentication service makes it easier for metering companies to deploy and manage large mesh networks of smart metering devices.”

The Certicom Device Authentication Service provides a root of trust for ZigBee Smart Energy devices. The service delivers out-of-the-box security, lowering the total cost of ownership for utilities and metering companies while ensuring the integrity of the utility network.Certicom’s Device Authentication Service for ZigBee Smart Energy for bulk certificates will be available this month. Test certificates are available now. More information can be found at www.certicom.com.

About Certicom Device Authentication Service for ZigBee Smart Energy

At the heart of Certicom Device Authentication Service for ZigBee Smart Energy are Certicom’s Security Builder® MCE™ and Security Builder® Crypto™ products. Security Builder® MCE™ provides the cryptographic primitives required to create a trusted platform for microcontroller devices, thereby enabling wireless networks of devices that can be uniquely identified while allowing data to be securely sent to and retrieved from these devices. Security Builder® Crypto™ is optimized for small code size and includes a range of current and legacy algorithms that provide proven cryptographic security to constrained environments such as secure devices and applications.

ZigBee: Wireless Control That Simply Works

The ZigBee Alliance is an association of companies working together to enable reliable, cost effective, low-power, wirelessly networked, monitoring and control products based on an open global standard. The ZigBee Alliance membership comprises technology providers and manufacturers worldwide. Membership is open to all. Additional information can be found at www.zigbee.org.

About Certicom

Certicom protects the value of content, applications and devices with government-approved security. Adopted by the National Security Agency (NSA) for government communications, Elliptic Curve Cryptography (ECC) provides the most security per bit of any known public-key scheme. As the global leader in ECC, Certicom security offerings are currently licensed to more than 300 customers including General Dynamics, Motorola, Oracle, Research In Motion and Unisys. Founded in 1985, Certicom’s corporate offices are in Mississauga, Ontario, Canada with worldwide sales and marketing headquarters in Reston, Virginia and offices in the U.S., Canada, Europe and China. Visit www.certicom.com.

For further information, please contact:

For Certicom:

John Conrad
Merritt Group Inc.

Certicom, Certicom Security Architecture, Certicom Trust Infrastructure, Certicom CodeSign, Certicom KeyInject, Security Builder, Security Builder API, Security Builder BSP, Security Builder Crypto, Security Builder ETS, Security Builder GSE, Security Builder IPSec, Security Builder NSE, Security Builder PKI and Security Builder SSL are trademarks or registered trademarks of Certicom Corp. All other companies and products listed herein are trademarks or registered trademarks of their respective holders. Information subject to change. Except for historical information contained herein, this news release contains forward-looking statements that involve risks and uncertainties. Forward-looking information includes information concerning the Company's future financial performance, business strategy, plans, goals and objectives. When used in such documents, the words "plans", "expects", "budget", "scheduled", "estimates", "forecasts", "intends", "anticipates", "will", "believes" or variations of such words and phrases often, but not always, identify forward looking statements. Factors which could cause actual results or events to differ materially from current expectations include, among other things: the ability of the Company to successfully implement its strategic initiatives and whether such strategic initiatives will yield the expected benefits; the ability of the Company to develop, promote and protect its proprietary technology security breaches or defects in the Company's products; competitive conditions in the businesses in which the Company participates; changes in consumer spending; the outcome of legal proceedings as they arise; general economic conditions and normal business uncertainty; consolidation in the Company's industry and by its customers; customer preferences towards product offerings; the risk that customers may cancel their contracts with the Company; reliance on a limited number of customers; demand for ECC-based technology; performance of the Company's management team and the Company's ability to attract and retain skilled employees; operating the Company's business profitably; fluctuations in revenue and foreign currency exchange rates; interest rate fluctuations and other changes in borrowing costs; the ability to develop and maintain strategic relationships; and other factors identified under the heading "Risk Factors" in the Company's annual information form dated July 26, 2007 and filed on SEDAR at www.sedar.com.