Certicom Launches First Device Certificate Authority for Next-Generation Crypto

Certicom's Elliptic Curve Cryptography Certificate Authority to Benefit Device
Manufacturers and Service Providers

    MISSISSAUGA, ON, Jan. 22 /PRNewswire-FirstCall/ - Certicom Corp. (TSX:
CIC) today launched its new Certicom Device Certificate Authority (CA), a
managed service offering that issues digital certificates to high-volume
device manufacturers that have bulk certificate requirements. This service
will benefit manufacturers that produce devices such as HDTVs, cable set-top
boxes, mobile handsets and security-sensitive low-power sensor and control
devices.
    As new devices communicate more sensitive data and process critical
transactions the need to authenticate device identities has become
increasingly important. Digital certificates issued by a trusted authority
provide an enhanced level of authentication that can not be achieved by
cryptography alone.
    Certicom's service is capable of issuing digital certificates based on
Elliptic Curve Cryptography (ECC), as well as legacy RSA. ECC offers the most
security-per-bit of any public key cryptographic algorithm. Due to its
strength, ECC is being adopted in a growing number of security standards for
content protection, wireless networking, and resource constrained
applications.
    The device certificate authority gives customers the option to obtain
ECC-based certificates, including highly compact and efficient Elliptic Curve
Qu-Vanstone "Implicit Certificates", from a trusted commercial authority. All
certificates are issued using policies and procedures that have been developed
to the ISO 27001 security standard. Once a service order has been approved by
the customer, and authenticated by Certicom, the order is fulfilled by a
Certicom operations team within a Certicom secured facility.
    "With our Certicom Device CA service, device manufacturers can leverage
the performance of ECC-based certificates to secure data and communications
without the cost of developing and maintaining their own certificate
authority," said Jim Alfred, Director of Product Management for Certicom.
"Adopting ECC to secure your applications has never been easier."
    About Certicom
    Certicom protects the value of content, applications and devices with
government-approved security. Adopted by the National Security Agency (NSA)
for government communications, Elliptic Curve Cryptography (ECC) provides the
most security per bit of any known public-key scheme. As the global leader in
ECC, Certicom security offerings are currently licensed to more than 300
customers including General Dynamics, Motorola, Oracle, Research In Motion and
Unisys. Founded in 1985, Certicom's corporate offices are in Mississauga,
Ontario, Canada with worldwide sales and marketing headquarters in Reston,
Virginia and offices in the U.S., Canada, Europe and China. Visit
www.certicom.com.
    Certicom, Certicom Security Architecture, Certicom Trust Infrastructure,
Certicom CodeSign, Certicom KeyInject, Security Builder, Security Builder API,
Security Builder BSP, Security Builder Crypto, Security Builder ETS, Security
Builder GSE, Security Builder IPSec, Security Builder NSE, Security Builder
PKI and Security Builder SSL are trademarks or registered trademarks of
Certicom Corp. All other companies and products listed herein are trademarks
or registered trademarks of their respective holders. Information subject to
change.
    Except for historical information contained herein, this news release
contains forward-looking statements that involve risks and uncertainties.
Forward-looking information includes information concerning the Company's
future financial performance, business strategy, plans, goals and objectives.
When used in such documents, the words "plans", "expects", "budget",
"scheduled", "estimates", "forecasts", "intends", "anticipates", "will",
"believes" or variations of such words and phrases often, but not always,
identify forward looking statements. Factors which could cause actual results
or events to differ materially from current expectations include, among other
things: the ability of the Company to successfully implement its strategic
initiatives and whether such strategic initiatives will yield the expected
benefits; the ability of the Company to develop, promote and protect its
proprietary technology security breaches or defects in the Company's products;
competitive conditions in the businesses in which the Company participates;
changes in consumer spending; the outcome of legal proceedings as they arise;
general economic conditions and normal business uncertainty; consolidation in
the Company's industry and by its customers; customer preferences towards
product offerings; the risk that customers may cancel their contracts with the
Company; reliance on a limited number of customers; demand for ECC-based
technology; performance of the Company's management team and the Company's
ability to attract and retain skilled employees; operating the Company's
business profitably; fluctuations in revenue and foreign currency exchange
rates; interest rate fluctuations and other changes in borrowing costs; the
ability to develop and maintain strategic relationships; and other factors
identified under the heading "Risk Factors" in the Company's annual
information form dated July 26, 2007 and filed on SEDAR at www.sedar.com.
SOURCE  Certicom Corp.

Certicom, John Conrad, Merritt Group, Inc., conrad@merrittgrp.com, (703)
390-1538