Certicom's ECC-based solutions enable government contractors to add security that meets NSA guidelines

MISSISSAUGA, Ontario – (March 2, 2005)– Elliptic Curve Cryptography (ECC), a strong, efficient public key cryptosystem, will soon become the standard to protect U.S. government communications. On February 16, 2005 at the RSA conference, the National Security Agency (NSA) presented its strategy and recommendations for securing U.S. government sensitive and unclassified communications. The strategy included a recommended set of advanced cryptography algorithms known as Suite B for securing sensitive but unclassified data.

The only public key protocols included in Suite B are Elliptic Curve Menezes-Qu-Vanstone (ECMQV) and Elliptic Curve Diffie-Hellman (ECDH) for key agreement and Elliptic Curve Digital Signature Algorithm (ECDSA) for authentication. The Advanced Encryption Standard (AES) for data encryption and SHA for hashing are also included. All of the Suite B algorithms are consistent with the National Institute of Standards and Technology (NIST) publications.

Interoperability and information sharing are two key principles in the NSA strategy. In his remarks, Daniel Wolf, the NSA's information assurance director discussed the importance of sharing information between departments and using consistent and strong standards to protect that information. The NSA recommends that the same level of security that is used to protect mission critical information-ECC-based protocols-now be extended to protect sensitive and unclassified data.

"The NSA strategy is major news for the security industry and all government agencies or suppliers because it sets the security standards for at least the next few decades. The NSA has stated that there are more than 1.3 million cryptographic devices in the U.S. inventory, over 75 percent of which will be replaced during the next decade under the U.S. Crypto Modernization Program," said Dr. Scott Vanstone, Certicom's founder & executive vice-president strategic technology. "A system is only as strong as its weakest link. By using the same high level of protection for all communications, especially security that is standards-based and interoperable, agencies and all organizations can establish a trusted system that is much harder to compromise."

ECC is a publicly-available algorithm and Certicom is known as the ECC pioneer and expert, having researched and developed ECC-based implementations and security for the past 20 years. In 1997, Certicom developed the industry's first toolkit to include ECC which has since been adopted by over 300 organizations. Today, its Certicom Security Architecture, a modular set of security services, software cryptographic providers (including a FIPS 140-2 Validated cryptographic module), and board support packages, enables device manufacturers and other government suppliers to easily add strong, efficient cryptography that meets the NSA recommendations and NIST publications.

ABOUT CERTICOM

Certicom Corp. (TSX: CIC) is the authority for strong, efficient cryptography required by software vendors and device manufacturers to embed security in their products. Adopted by the US government's National Security Agency (NSA), Certicom technologies for Elliptic Curve Cryptography (ECC) provide the most security per bit of any known public key scheme, making it ideal for constrained environments. Certicom products and services are currently licensed to more than 300 customers including Motorola, Oracle, Research In Motion, Terayon, Texas Instruments and Unisys. Founded in 1985, Certicom is headquartered in Mississauga, ON, Canada, with offices in Ottawa, ON; Reston, VA; San Mateo, CA; and London, England. Visit www.certicom.com.

For further information, please contact: