Security Builder GSE is First Public Key Toolkit Awarded FIPS 140-2 Certification for Windows CE 

Mississauga, Ontario (June 3, 2003) – Certicom Corp. (TSX: CIC), a leading provider of wireless security solutions, today announced that Security Builder® GSE, Certicom’s core developer toolkit for constrained devices, has earned the Federal Information Processing Standards (FIPS) 140-2 certification for Windows and Windows CE, making it the first solution to receive the designation for use on both PC-based and wireless operating systems. Because Security Builder GSE is the core cryptographic module for all Certicom Security Applications, movianVPN™ GSE, movianCrypt™ GSE and movianMail™ GSE also now meet government security requirements. 

Considered the benchmark for security within government departments and agencies, the FIPS 140-2 certification assures users that Security Builder GSE provides the highest level of protection for their sensitive information. FIPS 140-2 is awarded by the American and Canadian governments through the National Institute of Standards and Testing (NIST) and the Canadian Communication Security Establishment (CSE). Products must undergo rigorous testing by an accredited independent lab to satisfy the governments’ stringent standards.

“This certification – the first for a wireless operating system – once again positions Certicom in the forefront in providing security development tools and mobile security applications to the government and enterprise,” said Ian McKinnon, President and CEO of Certicom. “The FIPS designation, together with our recent contract to work with the National Security Agency (NSA), underscores our commitment and success in providing security solutions for government’s sensitive information.” 

In April, Certicom announced that it is working with the NSA in Maryland to research and develop advanced security technology and tools for protecting classified information. 

"Certicom’s Security Builder GSE toolkit provides a great solution for developers who need to create secure, FIPS-compliant solutions on Windows Powered mobile devices,” said Rick Engle, Mobile Solutions Program Manager for Microsoft Government. “This enables more users to enjoy the benefits of Windows Powered devices like the Pocket PC and SmartPhone for local storage of confidential data as well as secure, wireless communications.” 

The movian products allow companies, such as Microsoft, to extend critical business applications and technology to wireless devices securely. System integrators and OEMs will also benefit from the certification because they now can build FIPS 140-2 certified products using Security Builder GSE.

Along with standard cryptography algorithms such as DES, 3DES, AES, SHA-1 and the RSA public key algorithm, Security Builder GSE also includes Elliptic Curve Cryptography (ECC), a public-key cryptography technique approved by the U.S. government and many standards organizations including ANSI, IETF, IEEE and NIST. Certicom’s ECC implementation is ideal for supporting the Advanced Encryption Standard (AES), since the key sizes scale linearly, resulting in stronger security and improved performance over legacy systems. This is important since it enables the securing of wireless devices that are limited by low processing speed, memory, and battery power.

movianVPN GSE for Windows CE and movianMail GSE for Windows CE will be available Q2/03 and movianCrypt GSE for Windows CE will be available later this year with pricing determined by the number of seats. Security Builder GSE for Windows and Windows CE is available this month and is priced with a license fee and royalties based on the number of devices. Further platform certification is anticipated for Security Builder GSE later this year with Palm OS. For more information, visit www.certicom/gov.

About Certicom
Certicom is a leading provider of wireless security solutions, enabling developers, governments and enterprises to add strong security to their devices, networks and applications. Designed for constrained devices, Certicom’s patented technologies are unsurpassed in delivering the strongest cryptography with the smallest impact on performance and usability. Certicom products are currently licensed to more than 300 customers including Texas Instruments, Palm, Research In Motion, Cisco Systems, Oracle and Motorola. Founded in 1985, Certicom is headquartered in Mississauga, ON, Canada, with offices in Ottawa, ON; Herndon, VA; San Mateo, CA; and London, England. Visit www.certicom.com.

Certicom, Security Builder, SSL Plus, Trustpoint, movian, movianVPN, movianCrypt, and movianMail are trademarks or registered trademarks of Certicom Corp. All other companies and products listed herein are trademarks or registered trademarks of their respective holders.

Except for historical information contained herein, this news release contains forward-looking statements that involve risks and uncertainties. Actual results may differ materially. Factors that might cause a difference include, but are not limited to, those relating to the acceptance of mobile and wireless devices and the continued growth of e-commerce and m-commerce, the increase of the demand for mutual authentication in m-commerce transactions, the acceptance of Elliptic Curve Cryptography (ECC) technology as an industry standard, the market acceptance of our principal products and sales of our customer’s products, the impact of competitive products and technologies, the possibility of our products infringing patents and other intellectual property of fourth parties, and costs of product development. Certicom will not update these forward-looking statements to reflect events or circumstances after the date hereof. More detailed information about potential factors that could affect Certicom’s financial results is included in the documents Certicom files from time to time with the Canadian securities regulatory authorities. 

For further information, please contact: