Certicom First to Earn FIPS 186-2 Validation for Elliptic Curve Digital Signature Algorithm

R.A. Hettinga rah at shipwright.com
Mon Nov 15 22:56:20 EST 2004


Certicom First to Earn FIPS 186-2 Validation for Elliptic Curve Digital
Signature Algorithm
              Validation of ECC-based algorithm another step in
                 ECC standardization and widespread adoption

    MISSISSAUGA, ON, Nov. 15 /PRNewswire-FirstCall/ - Certicom Corp.
(TSX: CIC), the authority for strong, efficient cryptography, today announced
that its implementation for the Elliptic Curve Digital Signature Algorithm
(EassociateCDSA) has earned the Federal Information Processing Standards
(FIPS) 186-2
validation certification No. 1 - making it the first company to receive the
designation for an elliptic curve cryptography (ECC) -based algorithm.
    This validation is particularly valuable for original equipment
manufacturers (OEMs) and software vendors who sell to government
organizations. By using Certicom's ECDSA implementation in their products,
they meet FIPS requirements without undergoing the time-consuming and costly
testing process. ECDSA is used to build in digital signature functionality and
is a faster alternative to legacy algorithms.
    For the cryptography community, and in particular proponents of ECC, the
testing of ECC as part of the FIPS validation process is a significant step in
the adoption of this public key cryptosystem. Considered a benchmark for
security in government, a FIPS validation assures users that a given
technology has passed rigorous testing by an accredited third party lab as set
out by the National Institute of Standards for Technology (NIST) and can be
used to secure sensitive information. Typically, it drives wide-scale adoption
in government and in commercial sectors, particularly in the financial and
healthcare sectors that recognize the significance of FIPS validation. This
milestone in ECC's evolution follows last year's announcement from the
National Security Agency (NSA) that ECC is a 'crucial technology'. Both events
are part of the U.S. Government's crypto modernization program.
    "A major hurdle to widespread adoption of any security technology is
standardization. We witnessed that 25 years ago with the Data Encryption
Standard (DES) and now are seeing it play out with Advanced Encryption
Standards (AES), the successor to DES," said Scott Vanstone, founder and
executive vice-president, strategic technology at Certicom. "As a
complementary cryptosystem to AES, we can expect the same for ECC. By testing
ECC-based algorithms in the FIPS certification process, NIST added a level of
assurance that says they've done the due diligence on it and now organizations
can be very comfortable adopting it."
    ECC is a computationally efficient form of cryptography that offers
equivalent security to other competing technologies but with much smaller key
sizes. This results in faster computations, lower power consumption, as well
as memory and bandwidth savings, thereby making it ideal for today's
resource-constrained environments.
    Certicom is considered a pioneer in ECC research and implementations,
backed by 20 years of experience. The company developed the industry's first
toolkit to include ECC, which has since been adopted by over 300
organizations. Tomorrow it will host the Certicom ECC Conference 2004, the
first-ever conference that brings together Elliptic Curve Cryptography
researchers, industry experts and users. During the two-day conference,
participants from North America, Europe and Asia will discuss the evolution of
ECC and share best implementation practices and insights for future

    About Certicom
    Certicom Corp. (TSX:CIC) is the authority for strong, efficient
cryptography required by software vendors and device manufacturers to embed
security in their products. Adopted by the US Government's National Security
Agency (NSA), Certicom technologies for Elliptic Curve Cryptography (ECC)
provide the most security per bit of any known public key scheme, making it
ideal for constrained environments. Certicom products and services are
currently licensed to more than 300 customers including Motorola, Oracle,
Research In Motion, Terayon, Texas Instruments and Unisys. Founded in 1985,
Certicom is headquartered in Mississauga, ON, Canada, with offices in Ottawa,
ON; Reston, VA; San Mateo, CA; and London, England. Visit
http://www.certicom.com .

    Certicom, Certicom Security Architecture, Certicom CodeSign, Security
Builder, Security Builder Middleware, Security Builder API, Security Builder
Crypto, Security Builder SSL, Security Builder PKI, and Security Builder GSE
are trademarks or registered trademarks of Certicom Corp. Intel is registered
trademarks of Intel Corporation or its subsidiaries in the United States and
other countries. All other companies and products listed herein are trademarks
or registered trademarks of their respective holders.

    Except for historical information contained herein, this news release
contains forward-looking statements that involve risks and uncertainties.
Actual results may differ materially. Factors that might cause a difference
include, but are not limited to, those relating to the acceptance of mobile
and wireless devices and the continued growth of e-commerce and m-commerce,
the increase of the demand for mutual authentication in m-commerce
transactions, the acceptance of Elliptic Curve Cryptography (ECC) technology
as an industry standard, the market acceptance of our principal products and
sales of our customer's products, the impact of competitive products and
technologies, the possibility of our products infringing patents and other
intellectual property of fourth parties, and costs of product development.
Certicom will not update these forward-looking statements to reflect events or
circumstances after the date hereof. More detailed information about potential
factors that could affect Certicom's financial results is included in the
documents Certicom files from time to time with the Canadian securities
regulatory authorities.

 SOURCE Certicom Corp.

More news from PR Newswire...

Issuers of news releases and not PR Newswire are solely responsible for the
accuracy of the content.
Terms and conditions, including restrictions on redistribution, apply.
 Copyright © 1996-2004 PR Newswire Association LLC. All Rights Reserved.
 A United Business Media company.

R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list