Certicom Announces Security Builder NSE (National Security Edition)

R.A. Hettinga rah at shipwright.com
Mon Nov 15 07:34:36 PST 2004 

<http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=109&STORY=/www/story/11-15-2004/0002456259&EDATE=>

Certicom Announces Security Builder NSE (National Security Edition)
                         
    Cryptographic toolkit enables government contractors to add security that
        meets NSA guidelines to protect mission-critical information

    MISSISSAUGA, ON, Nov. 15 /PRNewswire-FirstCall/ - Government defence
contractors got a helping hand today when Certicom Corp. (TSX: CIC), the
authority for strong, efficient cryptography, announced Security Builder(R)
NSE(TM). This developer toolkit enables organizations to build applications
and devices that meet the field-of-use guidelines set out by the National
Security Agency (NSA) to protect mission-critical national security
information. According to the NSA, there are over one million high-grade
devices in the U.S. Government today that will need to be replaced to include
security based on Elliptic Curve Cryptography (ECC).
    At an Internet Engineering Task Force (IETF) meeting on November 11, the
NSA presented their requirements for strong security over the next 50 years
and further information about their licensing agreement with Certicom for its
ECC-based intellectual property. The NSA presentation can be found at
 http://www.machshav.com/~smb/saag-11-2004/ .
    In October 2003, the NSA selected elliptic curve cryptography (ECC) as
the public-key cryptosystem to meet these new, stronger security requirements
under its crypto modernization program. The agency purchased licensing rights
for 26 ECC-based patents from Certicom for a particular field-of-use, defined
as implementations of ECC that are over GF (p), where p is a prime greater
than 2 to the power of 255.
    "This toolkit is a logical next phase for Certicom as it helps
contractors meet the NSA guidelines for protecting the most critical
government information. The agency has set out the guidelines and made the
crypto licenses available to contractors. We're now providing a tool to help
developers integrate optimized security features that meet those guidelines,"
said Ian McKinnon, president and CEO of Certicom.
    With this toolkit, organizations can be assured of proven implementations
backed by Certicom, a team of cryptographic experts that has focused on
optimizing public-key cryptosystems for almost two decades. The Security
Builder NSE toolkit covers the technology that was part of the 26 patents
licensed by the NSA plus optimized implementations that enable developers to
meet the NSA field-of-use guidelines and FIPS 140-2 validation requirements.

    The toolkit, which is available in C code, includes:
        -  Elliptic curve digital signature algorithm (ECDSA)
           (FIPS-validated) for digital signatures;
        -  Elliptic curve Menezes-Qu-Vanstone (ECMQV) for key agreement and
           transport;
        -  SHA-1 and SHA-2 (FIPS-validated) for hashing;
        -  Advanced encryption standard (AES) (FIPS-validated) for strong
           encryption;
        -  Random number generation (RNG) (also FIPS-validated);
        -  Point compression for size and performance efficiencies; and
        -  Support for Windows and Linux platforms.

    Security Builder NSE is part of the Certicom Security Architecture, which
unifies all of Certicom's existing toolkits across a single API and enables
developers to quickly migrate their applications to whichever cryptographic
module is required.

    Pricing and Availability
    Security Builder NSE will be available in the first quarter of 2005 and
priced at a one-time license fee with no royalties starting at US$50,000 per
project in the field-of-use plus support and maintenance. A free license for
the patents in the NSA field-of-use is available from the NSA or Certicom.

    About Certicom
    Certicom Corp. (TSX:CIC) is the authority for strong, efficient
cryptography required by software vendors and device manufacturers to embed
security in their products. Adopted by the US Government's National Security
Agency (NSA), Certicom technologies for Elliptic Curve Cryptography (ECC)
provide the most security per bit of any known public key scheme, making it
ideal for constrained environments. Certicom products and services are
currently licensed to more than 300 customers including Motorola, Oracle,
Research In Motion, Terayon, Texas Instruments and Unisys. Founded in 1985,
Certicom is headquartered in Mississauga, ON, Canada, with offices in Ottawa,
ON; Reston, VA; San Mateo, CA; and London, England. Visit
http://www.certicom.com .

    Certicom, Certicom Security Architecture, Certicom CodeSign, Security
Builder, Security Builder Middleware, Security Builder API, Security Builder
Crypto, Security Builder SSL, Security Builder PKI, and Security Builder GSE
are trademarks or registered trademarks of Certicom Corp. Intel is registered
trademarks of Intel Corporation or its subsidiaries in the United States and
other countries. All other companies and products listed herein are trademarks
or registered trademarks of their respective holders.

    Except for historical information contained herein, this news release
contains forward-looking statements that involve risks and uncertainties.
Actual results may differ materially. Factors that might cause a difference
include, but are not limited to, those relating to the acceptance of mobile
and wireless devices and the continued growth of e-commerce and m-commerce,
the increase of the demand for mutual authentication in m-commerce
transactions, the acceptance of Elliptic Curve Cryptography (ECC) technology
as an industry standard, the market acceptance of our principal products and
sales of our customer's products, the impact of competitive products and
technologies, the possibility of our products infringing patents and other
intellectual property of fourth parties, and costs of product development.
Certicom will not update these forward-looking statements to reflect events or
circumstances after the date hereof. More detailed information about potential
factors that could affect Certicom's financial results is included in the
documents Certicom files from time to time with the Canadian securities
regulatory authorities.



 SOURCE Certicom Corp.


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

More information about the cypherpunks-legacy mailing list