CERTICOM SELLS LICENSING RIGHTS TO NSA

MISSISSAUGA, Ontario – (October 24, 2003) – Certicom Corp. (TSX: CIC), a leading provider of wireless security solutions, today announced that the National Security Agency (NSA) in Maryland has purchased extensive licensing rights to Certicom’s MQV-based Elliptic Curve Cryptography (ECC) intellectual property. ECC is becoming a crucial technology for protecting national security information.

This agreement will give the NSA a nonexclusive, worldwide license with the right to grant sublicenses of MQV-based ECC covered by many of Certicom’s US patents and applications and corresponding foreign rights in a limited field of use. The field of use is restricted to implementations of ECC that are over
GF(p), where p is a prime greater than 2256. Outside the field of use, Certicom will retain all rights to the technology for other industries that require the same levels of security, including state and local government agencies. Certicom will continue its policy of making its intellectual property available to implementers of ECC under normal commercial terms on a non discriminatory basis.

Researchers have been studying ECC for almost 20 years as the next generation of public-key technology. ECC is a computationally efficient form of cryptography that offers equivalent security to other competing technologies but with much smaller key sizes. This results in faster computations, lower power consumption, as well as memory and bandwidth savings.

“Certicom is a pioneer in researching and developing ECC,” says Scott Vanstone, founder and executive vice-president, strategic technology at Certicom. “Over 15 years ago, Certicom was founded to research and develop the strongest security possible. This makes us ideally positioned to provide manufacturers, that build government communications equipment and applications, with the tools they need to deliver ECC-based security solutions to the government market. Certicom is committed to work with the commercial sector in making our intellectual property and technology available to the security industry at large.”

In 1997, Certicom developed the industry’s first toolkit to include ECC which has since been adopted by over 300 organizations. Security Builder Crypto, a cross-platform cryptographic toolkit, includes standards-based ECC implementations that are optimized for size and performance on over 30 platforms.


“Certicom is committed to providing technology that meets the U.S. Government’s highest standards to secure and protect its most sensitive information,” said Ian McKinnon, president and CEO of Certicom. “With NSA’s decision to purchase a license from Certicom for MQV-based ECC, Certicom is well-positioned to drive the adoption of our technologies and intellectual property in new markets that need strong security. This contract, valued at US$25 million, has been facilitated through the CCC (Canadian Commercial Corporation), Canada's export contracting agency.”

Companies and Government Departments or Agencies wishing to develop security products implementing ECC to protect national security related systems and/or information or other mission critical information related to national security under this licensing agreement should submit the details of their requirements to the Director, National Security Agency (Attn: IA Directorate, V1). NSA will employ established development programs (e,g. NSA sponsored developments, the Commercial COMSEC Endorsement Program (CCEP), or User Partnership Programs) to develop and certify ECC for these requirements.

About CCC
CCC (Canadian Commercial Corporation) is a Crown Corporation mandated to facilitate international trade, particularly in government markets. CCC’s approach is based on ‘three Cs’: credibility, confidence, contracts. CCC builds confidence in Canadian exports by giving them the credibility of a government-backed performance guarantee that opens doors and leads to contracts with improved terms. Normally CCC acts as a Prime Contractor, signing a contract with the foreign buyer and a matching contract with the exporter. CCC also assists exporters to increase their pre-shipment working capital from commercial sources, and offers a range of procurement, pre-contract, contract advisory and post-contract services on a fee for service basis. Visit www.ccc.ca.

About Certicom
Certicom is a leading provider of wireless security solutions, enabling developers, governments and enterprises to add strong security to their devices, networks and applications. Designed for constrained devices, Certicom’s patented technologies are unsurpassed in delivering the strongest cryptography with the smallest impact on performance and usability. Certicom products are currently licensed to more than 300 customers including Texas Instruments, Palm, Research In Motion, Cisco Systems, Oracle and Motorola. Founded in 1985, Certicom is headquartered in Mississauga, ON, Canada, with offices in Ottawa, ON; Herndon, VA; San Mateo, CA; and London, England. Visit www.certicom.com.

Certicom, Security Builder, Security Builder Crypto, Security Builder SSL, Security Builder PKI, Security Builder GSE, , movianVPN, movianCrypt and movianMail are trademarks or registered trademarks of Certicom Corp. All other companies and products listed herein are trademarks or registered trademarks of their respective holders.

Except for historical information contained herein, this news release contains forward-looking statements that involve risks and uncertainties. Actual results may differ materially. Factors that might cause a difference include, but are not limited to, those relating to the acceptance of mobile and wireless devices and the continued growth of e-commerce and m-commerce, the increase of the demand for mutual authentication in m-commerce transactions, the acceptance of Elliptic Curve Cryptography (ECC) technology as an industry standard, the market acceptance of our principal products and sales of our customer’s products, the impact of competitive products and technologies, the possibility of our products infringing patents and other intellectual property of fourth parties, and costs of product development. Certicom will not update these forward-looking statements to reflect events or circumstances after the date hereof. More detailed information about potential factors that could affect Certicom’s financial results is included in the documents Certicom files from time to time with the Canadian securities regulatory authorities. 

For further information, please contact: 

Media: For Certicom: For Investors/Analysts:
Tim Cox Brendan Ziolo Hervé Séguin
ZingPR Certicom Corp. Chief Financial Officer, Certicom Corp.
(650) 369-7784 (613) 254-9267 (905) 501-3827
tim@zingpr.com bziolo@certicom.com hseguin@certicom.com