Security Builder GSE enables developers to quickly add a FIPS 140-2 validated cryptographic module to their government solutions

MISSISSAUGA, Ontario –(November 11, 2003)– Certicom Corp. (TSX: CIC), a leading provider of wireless security solutions, today announced that Security Builder® GSE™, Certicom’s core developer toolkit for government, has earned the Federal Information Processing Standards (FIPS) 140-2 certification for the Palm OS 4.1 platform (certificate #351). This makes Security Builder GSE the first developer toolkit to provide a FIPS 140-2 validated module for multiple handheld operating systems. In June, Certicom announced FIPS 140-2 validation on Microsoft Windows and Microsoft Windows CE operating systems.

By supporting multiple platforms, Security Builder GSE allows system integrators and original equipment manufacturers to use a common API to quickly and easily embed FIPS validated security into their devices and applications.

Security Builder GSE is the core cryptographic module for all Certicom security applications which means movianVPN™ GSE for Palm and movianCrypt™ GSE for Palm also meet government security requirements. These products are particularly important to government agencies that need to securely extend their networks to wireless handhelds but are required to use only FIPS 140-2 validated applications.

FIPS is considered a benchmark for security within U.S. and Canadian government departments and agencies and is becoming a de facto standard internationally. Products must undergo rigorous testing by an accredited independent lab to satisfy the governments’ standards. FIPS 140-2 is awarded through the National Institute of Standards and Testing (NIST) and the Canadian Communication Security Establishment (CSE).

“ We’re extremely pleased Certicom has received FIPS 140-2 validation on the Palm platform. This will now make it easier for government workers to better integrate their Palm-powered handhelds into their secure networks,” said John Inkley, director of federal sales for palmOne. “Mobile workers want more than just secure access to email. They want access to corporate information and applications too. This validation provides not one, but many alternative solutions for everything from secure push e-mail to backend database access and updates. Now users can do it with the confidence that their security meets the government’s most stringent guidelines.” Since 1997, Certicom and Palm have worked together to enable mobile workers to protect sensitive information with a high level of security, without compromising the speed and flexibility of wireless devices.

“ Certicom makes it easy for agencies to adhere to the strict security guidelines mandated by the government while still using the platform of their choice,” said Tony Rosati, Certicom’s vice-president, marketing and product management. “This certification extends our relationship with Palm and underscores our commitment to provide strong security solutions for multiple platforms without impacting performance.”

Along with standard cryptography algorithms such as DES, 3DES, AES, SHA-1 and the RSA public key algorithm, Security Builder GSE also includes Elliptic Curve Cryptography (ECC), a public-key cryptography technique approved by the U.S. government and many standards organizations including ANSI, IETF, IEEE and NIST. Last month, the National Security Agency purchased licensing rights to some of Certicom’s ECC intellectual property to protect mission critical national security information.

Security Builder GSE is available immediately and is priced with a license fee and royalties based on the number of devices. For more information, visit www.certicom/gov.

About Certicom
Certicom is a leading provider of wireless security solutions, enabling developers, governments and enterprises to add strong security to their devices, networks and applications. Designed for constrained devices, Certicom’s patented technologies are unsurpassed in delivering the strongest cryptography with the smallest impact on performance and usability. Certicom products are currently licensed to more than 300 customers including Texas Instruments, Palm, Research In Motion, Cisco Systems, Oracle and Motorola. Founded in 1985, Certicom is headquartered in Mississauga, ON, Canada, with offices in Ottawa, ON; Herndon, VA; San Mateo, CA; and London, England. Visit www.certicom.com.

Certicom, Security Builder, Security Builder Crypto, Security Builder SSL, Security Builder PKI, Security Builder GSE, , movianVPN, movianCrypt and movianMail are trademarks or registered trademarks of Certicom Corp. All other companies and products listed herein are trademarks or registered trademarks of their respective holders.

Except for historical information contained herein, this news release contains forward-looking statements that involve risks and uncertainties. Actual results may differ materially. Factors that might cause a difference include, but are not limited to, those relating to the acceptance of mobile and wireless devices and the continued growth of e-commerce and m-commerce, the increase of the demand for mutual authentication in m-commerce transactions, the acceptance of Elliptic Curve Cryptography (ECC) technology as an industry standard, the market acceptance of our principal products and sales of our customer’s products, the impact of competitive products and technologies, the possibility of our products infringing patents and other intellectual property of fourth parties, and costs of product development. Certicom will not update these forward-looking statements to reflect events or circumstances after the date hereof. More detailed information about potential factors that could affect Certicom’s financial results is included in the documents Certicom files from time to time with the Canadian securities regulatory authorities. 

For further information, please contact: