SAN FRANCISCO - A security system startup venture has taken the wraps off a new type of encryption-processing scheme that it claims can increase performance over competing technologies by as much as tenfold. As a result, Andes Networks Inc. expects to see the cost of implementing security features fall so low, so fast, that all traffic over the public Internet could be encrypted within a few years.
The company has focused on the secure sockets layer (SSL) format, which has become a de facto standard for Web traffic. Although it is not often used for full encryption and authentication operations, SSL is built into every Web browser and is therefore available to anybody using the Internet. Andes announced recently at the RSA Conference 2001 that it is sampling an SSL accelerator system, a box designed to sit in Internet data centers and whose sole function is to decode encrypted traffic as it comes in, and add encryption to traffic on the way out. It is scheduled to begin commercial shipments next quarter.
"Our system is the first commercial implementation of a new-generation technology, which redefines the standards of SSL processing," said Paul Gordon, president and chief executive officer of Andes (Mountain View, Calif.).
While current systems may perform anywhere from 200 to 1,500 RSA operations/second, the basic function in decrypting traffic based on the industry-standard RSA algorithm, Gordon said Andes' system can do 15,000 RSA operations every second. In addition, he said the existing crop of systems can support handshakes with up to 750 new SSL clients per second, while the Andes version handles 5,000 such transactions.
Although SSL is deployed all through the Internet, it is not widely used. Gordon estimated that only about 6 to 7 percent of Internet traffic is encrypted, usually e-commerce and other financial transactions.
A big part of the reason for this is speed: According to some estimates, it can take as much as 50 times longer to send an SSL-encrypted data stream from one computer than to send nonencrypted data.
Andes is also attacking the high cost of encryption. Its system will be priced at about $60,000, while Gordon estimates that obtaining comparable performance, support for 5,000 SSL handshakes a second, from competing systems can cost anywhere from $110,000 to $325,000. "This is such a dramatic breakthrough it is going to cause a tidal shift in the SSL market," he said.
"Security is something that everybody wants, but nobody wants to have to pay for," said Atul Bhatnagar, vice president for advanced products at Nortel Networks, which also makes an SSL accelerator system.
In fact, Andes' goal is no less than 100 percent encrypted traffic on the Internet, and Gordon seems to have some support for his position. "We believe the World Wide Web will be completely encrypted within the next three to five years," said Kevin Trosian, vice president of research for Bank of America Securities LLC, here.
The commercial world's growing dependence upon the Internet, both for exchanging data and for business transactions, means security is becoming more and more important. And since the SSL format is already in place, it is a natural move to implement SSL technology more broadly.
"The seatbelts are already there, it's just a matter of getting people to use them," said Nortel's Bhatnagar.
Peter Christy, research director for Jupiter Research, said that SSL is likely to become the dominant encryption format for the Internet because it is already in place in the browser infrastructure. "We have the ability to build the most secure networks, and allow completely private communication, but right now the Internet is about as frighteningly insecure as you could possibly imagine," he said.
Given the spiraling demand, some estimates predict that the total network-security market could easily reach some $17 billion within the next three years.
At the heart of the Andes SSL accelerator is a proprietary device, an SSL processor called the Zoo chip. It was designed by a pair of Andes engineers and named after their shared office, which was also home to a dog and a parrot. It is manufactured at UMC Group in 0.18-micron process technology, and packs 11.7 million transistors.
The company has no plans to sell the Zoo or license it, although some key partners have access to the design in order to develop complementary systems.
While most SSL processors take jumbled packets and reassemble them into a single message before decrypting them, Gordon said that the Andes approach is to decrypt the message at the packet level. This is how the system manages to be so much faster than any of its competitors. Other companies are also attempting to develop products based on this concept, including Corrent Corp. and Hifn Inc., both of which also made product announcements at the RSA Conference.
One gap in the Zoo's coverage is e-mail traffic. Since SSL is installed in browsers, it does not work for e-mail that uses dedicated nonbrowser applications. However, Gordon said that many e-mail services are migrating to browser-based messaging, especially the free e-mail Web sites that are common on the Internet. As a result, he predicted that it will be just a matter of time before SSL encryption is just as effective for e-mail as it is for other Web traffic.
While there is certainly plenty of Web traffic that does not need to be encrypted, Andes' approach is to make the system fast enough to handle all the traffic in SSL format, and cheap enough so that the best solution is to simply encrypt everything rather than decide on a case-by-case basis which information should be encrypted and which should not.
"What we're doing is making this decision so easy that people will have no choice but to implement SSL encryption," Gordon said. "We've broken the sound barrier in all performance benchmarks."