NSA names ECC as the exclusive technology for key agreement and digital signature standards for the U.S. government

Ian G iang at systemics.com
Fri Mar 4 06:40:01 EST 2005

-------- Original Message --------

NSA names ECC as the exclusive technology for key agreement and digital
signature standards for the U.S. government

Certicom's ECC-based solutions enable government contractors to add security
that meets NSA guidelines

    MISSISSAUGA, ON, March 2 /CNW/ - Elliptic Curve Cryptography (ECC), a
strong, efficient public key cryptosystem, will soon become the standard to
protect U.S. government communications. On February 16, 2005 at the RSA
conference, the National Security Agency (NSA) presented its strategy and
recommendations for securing U.S. government sensitive and unclassified
communications. The strategy included a recommended set of advanced
cryptography algorithms known as Suite B for securing sensitive and
unclassified data.
    The only public key protocols included in Suite B are Elliptic Curve
Menezes-Qu-Vanstone (ECMQV) and Elliptic Curve Diffie-Hellman (ECDH) for key
agreement and Elliptic Curve Digital Signature Algorithm (ECDSA) for
authentication. The Advanced Encryption Standard (AES) for data encryption
and SHA for hashing are also included. All of the Suite B algorithms are
consistent with the National Institute of Standards and Technology (NIST)
    Interoperability and information sharing are two key principles in the
NSA strategy. In his remarks, Daniel Wolf, the NSA's information assurance
director discussed the importance of sharing information between departments
and using consistent and strong standards to protect that information. The
NSA recommends that the same level of security that is used to protect
mission critical information - ECC-based protocols - now be extended to
protect sensitive and unclassified data.
    "The NSA strategy is major news for the security industry and all
government agencies or suppliers because it sets the security standards for
at least the next few decades. The NSA has stated that there are more than
1.3 million cryptographic devices in the U.S. inventory, over 75 percent of
which will be replaced during the next decade under the U.S. Crypto
Modernization Program," said Scott Vanstone, Certicom's founder & executive
vice-president strategic technology. "A system is only as strong as its
weakest link. By using the same high level of protection for all
communications, especially security that is standards-based and
interoperable, agencies and all organizations can establish a trusted system
that is much harder to compromise."
    ECC is a publicly-available algorithm and Certicom is known as the ECC
pioneer and expert, having researched and developed ECC-based
implementations and security for the past 20 years. In 1997, Certicom
developed the industry's first toolkit to include ECC which has since been
adopted by over 300 organizations. Today, its Certicom Security
Architecture, a modular set of security services, software cryptographic
providers (including a FIPS 140-2 Validated cryptographic module), and board
support packages, enables device
manufacturers and other government suppliers to easily add strong, efficient
cryptography that meets the NSA recommendations and NIST publications.

About Certicom

Certicom Corp. (TSX: CIC) is the authority for strong, efficient
cryptography required by software vendors and device manufacturers to embed
security in their products. Adopted by the US government's National Security
Agency (NSA), Certicom technologies for Elliptic Curve Cryptography (ECC)
provide the most security per bit of any known public key scheme, making it
ideal for constrained environments. Certicom products and services are
currently licensed to more than 300 customers including Motorola, Oracle,
Research In Motion, Terayon, Texas Instruments and Unisys. Founded in 1985,
Certicom is headquartered in Mississauga, ON, Canada, with offices in
Ottawa, ON; Reston, VA; San Mateo, CA; and London, England. Visit

Certicom, Certicom Security Architecture, Certicom CodeSign, Security
Builder, Security Builder Middleware, Security Builder API, Security Builder
Crypto, Security Builder SSL, Security Builder PKI, Security Builder NSE and
Security Builder GSE are trademarks or registered trademarks of Certicom
Corp. All other companies and products listed herein are trademarks or
registered trademarks of their respective holders.

Except for historical information contained herein, this news release
contains forward-looking statements that involve risks and uncertainties.
Actual results may differ materially. Factors that might cause a difference
include, but are not limited to, those relating to the acceptance of mobile
and wireless devices and the continued growth of e-commerce and m-commerce,
the increase of the demand for mutual authentication in m-commerce
transactions, the acceptance of Elliptic Curve Cryptography (ECC) technology
as an industry standard, the market acceptance of our principal products and
sales of our customer's products, the impact of competitive products and
technologies, the possibility of our products infringing patents and other
intellectual property of fourth parties, and costs of product development.
Certicom will not update these forward-looking statements to reflect events
or circumstances after the date hereof. More detailed information about
potential factors that could affect Certicom's financial results is included
in the documents Certicom files from time to time with the Canadian
securities regulatory authorities.

For further information: please contact: Tim Cox, Zing Public Relations,
(650) 369-7784, tim at zingpr.com; Brendan Ziolo, Certicom Corp.,
(613) 254-9267, bziolo at certicom.com

¿ 2005 CNW Group

News and views on what matters in finance+crypto:

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list