Certicom Licenses Security Builder Toolkits to Unisys

MISSISSAUGA, Ontario-May 19, 2004-Certicom Corp. (TSX: CIC), the authority for strong, efficient cryptography, today announced that Unisys Corporation has licensed Certicom’s Security Builder toolkits to embed Elliptic Curve Cryptography (ECC) in its medium-speed NDP Quantum Series and its high-speed NDP850-2000 document processor families. The highly optimized implementations of ECC, found in the Security Builder toolkit, enable Unisys to digitally sign over 10,000 images per minute and address the security requirements of Check 21 (Check Clearing for the 21st Century Act) image exchange.

Check 21-enabled image exchange provides significant opportunity for improved efficiencies and reduced costs in the U.S. financial industry but also creates opportunities for fraud as the images move through the payment system. This agreement between Unisys and Certicom provides the U.S. financial industry with security technologies to protect against fraud.

“Embedding Certicom security technology allows Unisys customers to be confident of the integrity of each check image, which is the optimal way to eliminate the risk of image alteration fraud,” said Gary Wallen, Vice President Unisys Payment Systems. “And Certicom’s optimized implementations allow us to meet the demanding requirement to sign 10,000 images per minute.”

Check 21 encourages financial institutions to exchange digital images rather than paper to process checks with each other. The security around these digital images is very important because they must guarantee the same legal status as a paper check and eliminate the possibility of fraud while ensuring long-term storage. These requirements present a number of challenges: first, machines scan thousands of checks per minute; second, each image has to be signed to ensure that check values are not tampered with; and third, the encryption must be very strong so that the images can be transferred safely.

To achieve maximum efficiency, the digital signature must be small and fast. However, security cannot be compromised, so the signature must also be very strong. With Security Builder PKI, Unisys has integrated an ECC-based digital signature, ECDSA, which offers high security using much smaller key sizes than any other public key scheme available today. It is the only technology capable of digitally signing over 10,000 images per minute. It also allows Unisys to be consistent with the ANSI (American National Standards Institute) DSTU X9.37 Specifications for Electronic Exchange of Check and Image Data.

“This contract is another example of how ECC is the ideal public key cryptosystem for a growing number of applications that require strong, efficient cryptography. This selection by Unisys further validates our toolkits as the most highly optimized implementations on the market today,” said Ian McKinnon, President and CEO at Certicom. “Our Security Builder toolkits enable Unisys to integrate ECC-based digital signatures quickly and easily into their solutions in order to conform with the emerging Check21 requirements. This will create new opportunities for Certicom in the financial sector.”

Security Builder(R) PKI(TM) enables developers to add robust, standards-based digital certificates and key management to applications and devices. With optimized libraries, FIPS-approved algorithms and a common API across multiple platforms, Security Builder PKI enables you to get to market quickly using proven security. Any financial institution or application developer can integrate Security Builder PKI to provide all the necessary logic to validate the certificates and signatures generated by other institutions. For more information about Security Builder toolkits, visit www.certicom.com/securitybuilder.

Certicom stands to receive additional license and royalty revenues when third-party developers integrate Security Builder toolkits into their financial applications that validate these digital signatures.

About Certicom
Certicom Corp. (TSX: CIC) is the authority for strong, efficient cryptography required by software vendors and device manufacturers to embed security in their products. Adopted by the US Government’s National Security Agency (NSA), Certicom technologies for Elliptic Curve Cryptography (ECC) provide the most security per bit of any known public key scheme, making it ideal for constrained environments. Certicom products and services are currently licensed to more than 300 customers including Motorola, Oracle, Research In Motion, Terayon, Texas Instruments and XM Radio. Founded in 1985, Certicom is headquartered in Mississauga, ON, Canada, with offices in Ottawa, ON; Reston, VA; San Mateo, CA; and London, England. Visit www.certicom.com.