EXPERTS CHALLENGE INDUSTRY TO IMPROVE DATA SECURITY BY MATCHING CRYPTOGRAPHIC SCHEMES

Participants in third annual Certicom ECC Conference discuss security issues, solutions and evolving security standards

MISSISSAUGA, Ontario – (November 16, 2006) – Data security may be a priority for most executives but the cryptographic schemes many are using have fundamental weaknesses. This was one of the recurring issues raised at the Certicom ECC Conference, which concludes today in Toronto, Ontario. For three days, some of the finest minds in cryptography and the security industry, representing Canada, the United States, Europe and Asia, discussed security issues, real-world applications of cryptography and evolving security standards.

The participants agreed that while most security executives use the Advanced Encryption Standard (AES) with 128 bits of security, for optimal security they also need to ensure that the corresponding public-key scheme for key management and authentication matches the AES in strength. Cryptography is a basic component used in security mechanisms to protect data in consumer electronics, wireless devices and semiconductors as well as other applications used in financial services and government markets.

“If large corporations or manufacturers are spending millions of dollars on research and content generation, wouldn’t they want to ensure that the public-key scheme they are using isn’t a weak link in the overall security architecture?” asked Dr. Scott Vanstone, Certicom founder and EVP Strategic Technology and one of the keynote speakers. “Elliptic curve cryptography (ECC) is the only public-key cryptosystem that scales linearly with AES providing the desired protection without compromising performance.”

ECC implementations are used to protect content, securely transmit data and enable digital signatures on documents and transactions. Its small size is a main driver behind its popularity. During the conference, speakers discussed their specific use of ECC in their applications and standards. For example, Microsoft discussed the use of ECC in Windows Vista; Motorola its mobile devices; Philips the DisplayPort Content Protection (DPCP) scheme; Pitney Bowes its postal meters; and Research In Motion the BlackBerry.

Another common topic was the growing importance of Suite B, the National Security Agency’s cryptographic recommendations for protecting the U.S. Government’s classified and unclassified communications. The only public key protocols included in Suite B are ECC-based.

“Suite B offers high security for government but flexibility for commercial applications. Given these attributes, we believe that Suite B represents best practices not only for government applications but also in industry,” said Vanstone. 
During the first day of the conference, Herb Little, director of BlackBerry Security at Research In Motion, received the Certicom ECC Visionary Award. The annual award highlights an individual's contribution to the advancement of ECC through his research and/or product development.

For information or to register for next year’s ECC Conference scheduled for November 13-15, 2007 in Toronto, visit: www.certicom.com/conference2007.

About Certicom
Certicom protects the value of your content, applications and devices with government-approved security. Adopted by the National Security Agency (NSA) for classified and sensitive but unclassified government communications, Elliptic Curve Cryptography (ECC) provides the most security per bit of any known public-key scheme. As the undisputed leader in ECC, Certicom security offerings are currently licensed to more than 300 customers including General Dynamics, Motorola, Oracle, Research In Motion and Unisys. Founded in 1985, Certicom's corporate offices are in Mississauga, ON, Canada with worldwide sales headquarters in Reston, VA and offices in the US, Canada and Europe. Visit www.certicom.com

Certicom, Certicom ECC Core, Certicom Security Architecture, Certicom Trust Infrastructure, Certicom CodeSign, Certicom KeyInject, Security Builder, Security Builder API, Security Builder BSP, Security Builder Crypto, Security Builder ETS, Security Builder GSE, Security Builder IPSec, Security Builder MCE, Security Builder NSE, Security Builder PKI and Security Builder SSL are trademarks or registered trademarks of Certicom Corp. All other companies and products listed herein are trademarks or registered trademarks of their respective holders. Information subject to change.

Forward-Looking Statements
Except for historical information contained herein, this news release contains forward-looking statements that involve risks and uncertainties. Actual results may differ materially. Factors that might cause a difference include, but are not limited to, those relating to the acceptance of mobile and wireless devices and the continued growth of e-commerce and m-commerce, the increase of the demand for mutual authentication in m-commerce transactions, the acceptance of Elliptic Curve Cryptography (ECC) technology as an industry standard, the market acceptance of our principal products and sales of our customer's products, the impact of competitive products and technologies, the possibility of our products infringing patents and other intellectual property of fourth parties, and costs of product development. Certicom will not update these forward-looking statements to reflect events or circumstances after the date hereof. More detailed information about potential factors that could affect Certicom's financial results is included in the documents Certicom files from time to time with the Canadian securities regulatory authorities.

The shares of the company described above have been offered only to qualified institutional buyers in reliance on Rule 144A under the Securities Act of 1933, as amended (the "Securities Act"), and outside the United States pursuant to Regulation S of the Securities Act. The shares have not been registered under the Securities Act and may not be offered or sold in the United States or to a U.S. Person absent registration or an applicable exemption from registration requirements.

This press release does not constitute an offer to sell or the solicitation of an offer to buy any security and shall not constitute an offer, solicitation or sale in any jurisdiction in which such offering would be unlawful.

For further information, please contact:

For Certicom    
Lisa Courtney Lloyd    
Jolita Communications    
(613) 271-7512    
tim@zingpr.com