Bluefire Security Integrates Certicom’s FIPS 140-2 Validated Cryptographic Module to Offer New Solutions that Meet Stringent Government Security Requirements

MISSISSAUGA, Ontario, Canada and BALTIMORE, Md. (December 2, 2003) – Certicom Corp. (TSX: CIC), a leading provider of wireless security solutions, and Bluefire Security TechnologiesTM today announced a partnership to further the adoption of secure wireless technologies in enterprise and government organizations. Under the pact, Bluefire will extend the capabilities of its flagship product, Bluefire Mobile Firewall Plus, by integrating Security Builder GSE, Certicom’s FIPS 140-2 Validated cryptographic module, as the core security provider in order to meet stringent government security requirements.

“We are proud to add Bluefire to the growing list of companies that have recognized Certicom’s proven ability to provide strong security that meets government requirements now and in the future, ” said Tony Rosati, vice-president, marketing and product management of Certicom. “By using Security Builder GSE, Bluefire is expanding its market to include government agencies and demonstrating its leadership in secure communications using wireless devices.”

By integrating Security Builder GSE, Bluefire can offer new solutions that enable U.S. government agencies to securely mobilize critical data and applications on handheld devices. Considered the benchmark for security within government departments and agencies, FIPS 140-2 Validation assures users that products provide the highest level of protection for their sensitive information.

“In light of mounting Homeland Security concerns and the sensitive nature of the information transmitted via government channels, it is critical that agencies prevent outsiders from accessing confidential data housed on wireless devices,” said Tom Goodman, vice president of operations for Bluefire. “Certicom’s FIPS 140-2 Validated cryptographic module expands Bluefire’s handheld security platform, enabling us to offer new solutions that help the government close the backdoor to the enterprise that is created when an unprotected handheld device interfaces with their networks. By shoring up defenses at the device level, agencies can take full advantage of the efficiencies and capabilities that wireless technologies provide.”

Today’s announcement also fuels future collaboration between Certicom and Bluefire in the mobile security space. By signing an Affinity Partner agreement, the companies plan to continue working together to promote end-to-end wireless handheld security solutions that prevent unauthorized enterprise access using handhelds as a backdoor and minimize organizational exposure to PDA and smartphone vulnerabilities.

About Bluefire Mobile Firewall Plus
Bluefire Mobile Firewall Plus is uniquely designed to secure both handheld devices and the enterprise networks to which they connect. Its rules-based personal firewall engine resides on the device, is easy to configure and customize, and protects against multiple attacks. In addition, the solution provides real-time logging and alerting of all device-level activities, which allow administrators and end-users to detect intrusions and identify attack methods for quick and effective problem isolation.

About Bluefire Security Technologies
Bluefire Security TechnologiesTM develops security software that protects handheld devices and data. The company’s flagship product, Bluefire Mobile Firewall Plus, is the industry’s first complete security solution for handheld devices, providing firewall, intrusion prevention, integrity management, encryption, authentication and policy-based enterprise security management features that enable the safe use of mobile and wireless applications. Bluefire’s technology is being deployed across a wide-array of mobile enterprises including those in government, health care and the high-tech industry. Bluefire Mobile Firewall Plus is available for purchase on the federal GSA schedule (GS-35F-0279J) and SEWP III contract. For more information, visit www.bluefiresecurity.com or call (410) 637-8160.

About Security Builder GSE
Security Builder GSE, a complete FIPS 140-2 Validated cryptographic module, enables developers and manufacturers to meet government security requirements without having to submit their application through the lengthy and costly FIPS approval process. Security Builder GSE also includes FIPS-approved algorithms and is the core cryptographic module for all movian security applications.

About Certicom
Certicom is a leading provider of wireless security solutions, enabling developers, governments and enterprises to add strong security to their devices, networks and applications. Designed for constrained devices, Certicom’s patented technologies are unsurpassed in delivering the strongest cryptography with the smallest impact on performance and usability. Certicom products and technologies are currently licensed to more than 300 customers including Cisco Systems, Motorola, the National Security Agency, Palm, Research In Motion, Sony Ericsson and Texas Instruments. Founded in 1985, Certicom is headquartered in Mississauga, ON, Canada, with offices in Ottawa, ON; Reston, VA; San Mateo, CA; and London, England. Visit www.certicom.com.

Certicom, Security Builder, Security Builder Crypto, Security Builder SSL, Security Builder PKI, Security Builder GSE, , movianVPN, movianCrypt and movianMail are trademarks or registered trademarks of Certicom Corp. All other companies and products listed herein are trademarks or registered trademarks of their respective holders.

Except for historical information contained herein, this news release contains forward-looking statements that involve risks and uncertainties. Actual results may differ materially. Factors that might cause a difference include, but are not limited to, those relating to the acceptance of mobile and wireless devices and the continued growth of e-commerce and m-commerce, the increase of the demand for mutual authentication in m-commerce transactions, the acceptance of Elliptic Curve Cryptography (ECC) technology as an industry standard, the market acceptance of our principal products and sales of our customer’s products, the impact of competitive products and technologies, the possibility of our products infringing patents and other intellectual property of fourth parties, and costs of product development. Certicom will not update these forward-looking statements to reflect events or circumstances after the date hereof. More detailed information about potential factors that could affect Certicom’s financial results is included in the documents Certicom files from time to time with the Canadian securities regulatory authorities. 

For further information, please contact: