MISSISSAUGA, Ontario--November 22, 2005--Certicom Corp. (TSX: CIC) todayannounced it has earned FIPS 140-2 validation for the Java version ofSecurity Builder GSE, certifying another module in its Security solutions to help vendors sell into the government market. A Federal Information Processing Standards (FIPS) validation assures users that a given technology has passed rigorous testing as set out by the National Institute of Standards for Technology (NIST).

Certicom is the first company to offer FIPS 140-2 validated securitymodules in both Java and C programming languages that also meet the National Security Agency's set of security recommendations known as Suite B.

Cryptographic algorithms such as AES, ECMQV and ECDSA are all part of thegovernment lexicon, a list that continues to grow as the governmenttightens security for protecting classified and unclassified data. Forcompanies not focused on security, it can be overwhelming to stay currentwith the latest requirements. By using the Certicom Security Architecture, application developers and device manufacturers can add government-approved security to their products without undergoing the time-consuming and costly Federal Information Processing Standards (FIPS) process, confident that Certicom stays current with government requirements.

"According to analyst reports, government spending on security-related IT products is expected to reach $56 billion by 2009. For vendors who meet the stringent security requirements, that's an enormous opportunity," said Ian McKinnon, Certicom's president and CEO. "Certicom continues to make asignificant investment in its security architectures so that our customers can quickly and easily meet government requirements without having to become security experts themselves."

Security Builder GSE acts as a software-based cryptographic provider within the Certicom(R) Security Architecture(TM) - a comprehensive, modular and portable platform designed to allow developers to quickly and cost-effectively embed security into applications, and across multiple families and generations of devices. The modular architecture allows the higher level toolkits, SSL, IPSec and PKI to utilize the Security Builder GSE module in FIPS mode. A common application programming interface (API) unifies Certicom's modules to create a plug-and-play security architecture.

About Certicom

Certicom protects the value of your content, software and devices withgovernment-approved security. Adopted by the National Security Agency (NSA)for classified and sensitive but unclassified government communications, Elliptic Curve Cryptography (ECC) provides the most security per bit of any known public-key scheme. As the undisputed leader in ECC, Certicom securityofferings are currently licensed to more than 300 customers includingGeneral Dynamics, Motorola, Oracle, Research In Motion and Unisys. Foundedin 1985, Certicom's corporate offices are in Mississauga, ON, Canada withworldwide sales headquarters in Reston, VA and offices in the US, Canada and Europe. Visit www.certicom.com.