Certicom Security Brings FIPS 140-2 Certification, ECC Performance Advantages to Nortel Application Server 5300

MISSISSAUGA, Ontario – (September 29, 2008) – NortelTM has licensed security technology from Certicom (TSX: CIC) to enhance cryptographic performance and simplify creation of FIPS 140-2 certified applications with its newest Unified Communications platform for U.S. Federal Government agencies. 

This includes Certicom’s Suite B Power Bundle with Elliptic Curve Cryptography (ECC). Nortel plans to integrate Certicom ECC algorithms into its Application Server 5300, bringing this open, Session Initiation Protocol (SIP)-based software platform into conformance with U.S. National Security Agency (NSA) recommendations for cryptographic implementation. 

Nortel has also licensed Certicom’s Security Builder® GSE™, which provides a pre-approved FIPS 140-2 cryptographic module for application development, saving both development time and cost of certification. 

Generally available since early this month, Nortel Application Server 5300 is designed to provide unified IP telephony, conferencing, voice mail and instant messaging that meets stringent federal government security and service assurance requirements. Certicom’s technology adds a scalable, high-performance crypto system at low cost and with low overhead. 

“We’re experts at developing solutions that meet or exceed the most rigorous security requirements,” said Chuck Saffell, chief executive officer, Nortel Government Solutions, which provides networking solutions and IT services for a number of U.S. Federal agencies. 

“Adding Certicom technology to Nortel’s Application Server 5300 makes a strong solution even stronger for government agencies seeking to maintain high security and reliability while moving their networks to VoIP and Unified Communications,” Saffell said.

FIPS 140-2 is the security requirement for cryptographic modules as defined by the National Institute of Standards for Technology (NIST). The standard is required for sale of products implementing cryptography to the U.S. Federal Government. Companies that lack a FIPS 140-2 validation and are unable to prove that such a validation is being obtained will not be able to access the government market with their products.

Suite B is the set of cryptographic algorithms recommended by the NSA to secure classified and unclassified communications. In 2005, the NSA recommended ECC as the public key crypto system to protect government communications. Known as Suite B, these recommendations are part of an initiative to upgrade the security infrastructure of government communications to meet present and future security needs. ECC is used in a growing number of sectors ranging from networking, consumer electronics, wireless devices and semiconductors to government and financial services. 

Certicom’s industry-leading experience shortens the Licensee’s time to market, while making their products more secure and reliable by providing security updates through Certicom’s world class support organization. Another benefit of Certicom’s ECC technology is optimized quality and performance of encrypted communications. 

“As federal government customers embrace Unified Communications with Nortel’s Application Server 5300, they can be confident that they have the highest level and best performing encryption available,” said Jim Alfred, director of product management for Certicom. 

About Certicom
Certicom manages and protects the value of content, applications and devices with government-approved security. Adopted by the National Security Agency (NSA) for government communications, Elliptic Curve Cryptography (ECC) provides the most security per bit of any known public-key scheme. As the global leader in ECC, Certicom’s security offerings are currently licensed to hundreds of multinational technology companies, including IBM, General Dynamics, Motorola, Oracle and Research In Motion. Founded in 1985, Certicom’s corporate offices are in Mississauga, Ontario, Canada with worldwide sales and marketing headquarters in Reston, Virginia and offices in Europe and Asia. Visit www.certicom.com.

Certicom Safe Harbor Statement
Except for historical information contained herein, this news release contains forward-looking statements that involve risks and uncertainties. Forward-looking information includes information concerning Certicom's future financial performance, business strategy, plans, goals and objectives. When used in such documents, the words "plans", "expects", "budget", "scheduled", "estimates", "forecasts", "intends", "anticipates", "will", "believes" or variations of such words and phrases often, but not always, identify forward looking statements. Factors which could cause actual results or events to differ materially from current expectations include, among other things: the ability of Certicom to successfully implement its strategic initiatives and whether such strategic initiatives will yield the expected benefits; the ability of Certicom to develop, promote and protect its proprietary technology security breaches or defects in Certicom's products; competitive conditions in the businesses in which Certicom participates; changes in consumer spending; the outcome of legal proceedings as they arise; general economic conditions and normal business uncertainty; consolidation in Certicom's industry and by its customers; customer preferences towards product offerings; the risk that customers may cancel their contracts with Certicom; reliance on a limited number of customers; demand for ECC-based technology; performance of Certicom's management team and Certicom's ability to attract and retain skilled employees; operating Certicom's business profitably; fluctuations in revenue and foreign currency exchange rates; interest rate fluctuations and other changes in borrowing costs; the ability to develop and maintain strategic relationships; and other factors identified under the heading "Risk Factors" in Certicom's annual information form dated July 21, 2008 and filed on SEDAR at www.sedar.com.



For further information, please contact:
John Conrad
Merritt Group, Inc.        
703-390-1538
conrad@merrittgrp.com