CERTICOM EARNS FIPS 140-2 VALIDATION FOR JAVA-BASED SECURITY MODULE

Certicom invests in government-approved solutions so device manufacturers and application developers can meet the latest U.S. government security requirements

MISSISSAUGA, Ontario – (November 22, 2005)– Certicom Corp. (TSX: CIC) today announced it has earned FIPS 140-2 Validation for the Java version of Security Builder GSE, certifying another module in its security solutions to help vendors sell into the government market. A Federal Information Processing Standards (FIPS) validation assures users that a given technology has passed rigorous testing as set out by the National Institute of Standards for Technology (NIST).

Certicom is the first company to offer FIPS 140-2 Validated security modules in both Java and C programming languages that also meet the National Security Agency's set of security recommendations known as Suite B.

Cryptographic algorithms such as AES, ECMQV and ECDSA are all part of the government lexicon, a list that continues to grow as the government tightens security for protecting classified and unclassified data. For companies not focused on security, it can be overwhelming to stay current with the latest requirements. By using the Certicom Security Architecture, application developers and device manufacturers can add government-approved security to their products without undergoing the time-consuming and costly Federal Information Processing Standards (FIPS) process while having the confidence that Certicom stays current with government requirements.

"According to analyst reports, government spending on security-related IT products is expected to reach $56 billion by 2009. For vendors who meet the stringent security requirements, that's an enormous opportunity," said Ian McKinnon, Certicom's president and CEO. "Certicom continues to make a significant investment in its security architectures so that our customers can quickly and easily meet government requirements without having to become security experts themselves."

Security Builder GSE acts as a software-based cryptographic provider within the Certicom® Security Architecture™ - a comprehensive, modular and portable platform designed to allow developers to quickly and cost-effectively embed security into applications, and across multiple families and generations of devices. The modular architecture allows the higher level toolkits, SSL, IPSec and PKI to utilize the Security Builder GSE module in FIPS mode. A common application programming interface (API) unifies Certicom's modules to create a plug-and-play security architecture.

About Certicom
Certicom protects the value of your content, software and devices with government-approved security. Adopted by the National Security Agency (NSA) for classified and sensitive but unclassified government communications, Elliptic Curve Cryptography (ECC) provides the most security per bit of any known public-key scheme. As the undisputed leader in ECC, Certicom security offerings are currently licensed to more than 300 customers including General Dynamics, Motorola, Oracle, Research In Motion and Unisys. Founded in 1985, Certicom's corporate offices are in Mississauga, ON, Canada with worldwide sales headquarters in Reston, VA and offices in the US, Canada and Europe. Visit www.certicom.com

For further information, please contact:

For Certicom    
Tim Cox Brendan Ziolo  
ZingPR Certicom Corp.  
(650) 369-7784 (613) 254-9267  
tim@zingpr.com bziolo@certicom.com
Certicom, Certicom Security Architecture, Certicom Trust Infrastructure, Certicom CodeSign, Certicom KeyInject, Security Builder, Security Builder API, Security Builder BSP, Security Builder Crypto, Security Builder ETS, Security Builder GSE, Security Builder IPSec, Security Builder NSE, Security Builder PKI and Security Builder SSL are trademarks or registered trademarks of Certicom Corp. All other companies and products listed herein are trademarks or registered trademarks of their respective holders.
Except for historical information contained herein, this news release contains forward-looking statements that involve risks and uncertainties. Actual results may differ materially. Factors that might cause a difference include, but are not limited to, those relating to the acceptance of mobile and wireless devices and the continued growth of e-commerce and m-commerce, the increase of the demand for mutual authentication in m-commerce transactions, the acceptance of Elliptic Curve Cryptography (ECC) technology as an industry standard, the market acceptance of our principal products and sales of our customer's products, the impact of competitive products and technologies, the possibility of our products infringing patents and other intellectual property of fourth parties, and costs of product development. Certicom will not update these forward-looking statements to reflect events or circumstances after the date hereof. More detailed information about potential factors that could affect Certicom's financial results is included in the documents Certicom files from time to time with the Canadian securities regulatory authorities.
The shares of the company described above have been offered only to qualified institutional buyers in reliance on Rule 144A under the Securities Act of 1933, as amended (the "Securities Act"), and outside the United States pursuant to Regulation S of the Securities Act. The shares have not been registered under the Securities Act and may not be offered or sold in the United States or to a U.S. Person absent registration or an applicable exemption from registration requirements.
This press release does not constitute an offer to sell or the solicitation of an offer to buy any security and shall not constitute an offer, solicitation or sale in any jurisdiction in which such offering would be unlawful.