Tumbleweed Licenses Certicom's Elliptic Curve Cryptography

License with Certicom’s Security Builder Solutions Will Help Ensure FIPS 140-2 and Suite B Compliance

MISSISSAUGA, Ontario --July 21, 2008 -- Certicom (TSX: CIC), an industry leader in elliptic curve cryptography (ECC) security, announced today that Tumbleweed Communications Corp. (NASDAQ:TMWD), an industry leader in managed file transfer, email security, and identity validation, will use Certicom’s Security Builder® family of solutions.  Licensing Certicom’s ECC technology provides one of the highest standards of encryption for customers and will help Tumbleweed streamline future Federal Industry Protections Standards (FIPS) 140-2 and Suite B compliance efforts.

In 2007, Tumbleweed received 140-2 Level 1 certification, the benchmark standard for government agency data security, for the security kernel used in its suite of products. The license with Certicom will help expedite subsequent certification efforts through one vendor. The first Tumbleweed products to integrate the libraries that support ECC are Secure Messenger™ for email encryption and MailGate® for inbound and outbound email security.   

“By enlisting Certicom’s ECC technology, Tumbleweed is reconfirming its commitment to providing the strongest encryption and authentication capabilities that the military, federal, local and state government agencies need to maintain a secure online communications channel,” said Taher Elgamal, Chief Technology Officer of Tumbleweed Communications Corp.  “In addition, working with a single, best-in-class crypto platform will help streamline future FIPS accreditation efforts – and that is exceptionally valuable.”

FIPS 140-2 is the security requirement for cryptographic modules as defined by the National Institute of Standards for Technology (NIST).  The standard is required for sale of products implementing cryptography to the Federal Government.  Companies who lack a FIPS 140-2 validation and are unable to prove that such a validation is in the process of being obtained will not be able to access the government market with its products.

Suite B is the set of cryptographic algorithms recommended by the National Security Agency (NSA) to secure classified and unclassified communications.  In 2005, the NSA recommended ECC as the public key crypto system to protect government communications.  Known as Suite B, these recommendations are part of an initiative to upgrade the security infrastructure of government communications to meet present and future security needs.  ECC is used in a growing number of sectors ranging from networking, consumer electronics, wireless devices and semiconductors to government and financial services.  

“Certicom is proud to add Tumbleweed Communications to our growing portfolio of customers,” said Karna Gupta, CEO of Certicom.  “Our NSA-approved technology is amongst the highest quality in the industry, and leading companies like Tumbleweed are increasingly turning to us as a best-in-class security partner.”

About Tumbleweed
Tumbleweed Communications Corp. (NASDAQ:TMWD), an industry leader in managed file transfer, email security and identity validation, provides enterprise-class solutions to organizations of all sizes.  Tumbleweed’s innovative products enable organizations to effectively manage and protect business-critical Internet communications, with capabilities that span secure file transfer, encryption, data loss prevention, and email security. Tumbleweed has more than 3,300 customers worldwide, including blue-chip companies across an array of industries such as Technology, Retail, Finance, Healthcare, Manufacturing, Consumer Packaged Goods, Telecom, Energy, and the U.S. Government. The world’s most security conscious organizations rely upon Tumbleweed technology including Bank of America Securities, JP Morgan Chase & Co., the U.S. Food and Drug Administration, and the U.S. Department of Defense. Our award-winning products build on 15 years of R&D and 30 security patents in the U.S. alone – many of which are licensed by other security vendors. More information can be found at www.tumbleweed.com.

About Certicom
Certicom manages and protects the value of content, applications and devices with government-approved security. Adopted by the National Security Agency (NSA) for government communications, Elliptic Curve Cryptography (ECC) provides the most security per bit of any known public-key scheme. As the global leader in ECC, Certicom’s security offerings are currently licensed to hundreds of multinational technology companies, including IBM, General Dynamics, Motorola, Oracle and Research In Motion. Founded in 1985, Certicom’s corporate offices are in Mississauga, Ontario, Canada with worldwide sales and marketing headquarters in Reston, Virginia and offices in Europe and Asia.  Visit www.certicom.com.