Certicom Launches Trusted Key Injection Platform for Anti-cloning

Certicom KeyInject enables device producers to monitor and control unique keying material for devices

MISSISSAUGA, Ontario – (September 12, 2005)– A new product from Certicom Corp. (TSX: CIC) will give producers of devices, such as set-top boxes, mobile handsets and printers, more control over their outsourced manufacturing process and help to prevent the cloning of devices and replacement parts. Certicom KeyInject is a trusted key injection platform for anti-cloning. It enables device producers to track production by contract manufacturers by controlling access to keying information, metering the use of this information and generating reports on key usage.

In the manufacturing process, producers should use public-key cryptography to embed a private key that uniquely identifies a device, giving it future access to services, linking it to a billing system or providing integration of replacement parts. When producers use third-party manufacturers there could be a threat of key leakage, where not all of the keying material is used to manufacture legitimate devices. KeyInject eliminates this risk by sending encrypted keying material to manufacturers and releasing it only when the manufacturer provides usage reports or previously accessed keys.

Certicom KeyInject can also be used to transport and inject keys and certificates in conditional access and digital rights management (DRM) schemes such as HDCP (High-bandwidth Digital Content Protection), CPRM (Content Protection for Recordable Media), and other emerging consumer electronic standards. In these situations, unique keying material is embedded in a device to control access to streaming media and the usage of downloaded electronic files.

"In today's environment, keying material must be handled in a secure and robust fashion," said Paul Lypaczewski, vice president and general manager, Multimedia Business Unit, ATI Technologies Inc., developer of graphics and digital media silicon solutions. "Certicom is a proven authority for software cryptography. ATI chose Certicom KeyInject to securely transport and inject keys for use with our graphics and digital media silicon solutions."

Certicom KeyInject uses industry standard protocols and techniques based on elliptic curve cryptography (ECC) and advanced encryption standard (AES) for the strongest, most-efficient security. Other features include:

• Proven, strong anti-cloning: meets stringent requirements to inject keying data during vulnerable manufacturing process, hardware-based protection of internal or third-party keys, controls and reports volume of keyed devices
• Cost-effective factory provisioning: automates process to key a device before it gets to the user, flexible remote administration capabilities; complements conditional access systems
• Highly configurable: addresses multiple deployment options, customize interface with manufacturing line system, enables enhanced capabilities.

"With increased focus on security in both industry and government, cryptography-in particular public-key-is taking centre stage. As a long-established player in this field, Certicom helps organizations protect their assets by developing new solutions that solve today's and tomorrow's security issues," said Jim Alfred, director of product management at Certicom.

Certicom KeyInject is part of the Certicom Trust Infrastructure that allows smart device vendors to securely manufacture and upgrade their devices with a cost-effective, off-the-shelf platform that offers flexibility, reliability and strong security.

Pricing and Availability
Certicom KeyInject is available this quarter and is priced depending on the number of sites. For more information, visit www.certicom.com/keyinject.

About Certicom
Certicom protects the value of your content, software and devices with government-approved security. Adopted by the National Security Agency (NSA) for classified and sensitive but unclassified government communications, Elliptic Curve Cryptography (ECC) provides the most security per bit of any known public-key scheme. As the undisputed leader in ECC, Certicom security offerings are currently licensed to more than 300 customers including General Dynamics, Motorola, Oracle, Research In Motion and Unisys. Founded in 1985, Certicom's corporate offices are in Mississauga, ON, Canada with worldwide sales headquarters in Reston, VA and offices in the US, Canada and Europe. Visit www.certicom.com