The present invention is related to the field of data security in data processing systems.
There is increasing need for data security in data processing systems. Current techniques for meeting this need include hardware-level encryption of user data, for example, which can help protect the user data even in the event that it is obtained by an unauthorized party. Large, enterprise-level data processing systems (including enterprise storage systems) that provide user data encryption generally utilize a large number of data encryption keys, and require resources for the secure creation, distribution, use and destruction of these keys. Many systems may employ one or more dedicated key management server systems which are responsible for such key management activities, desirably minimizing the need for specialized key management functionality on the production servers of a system and its potential performance and system management drawbacks. Beyond hardware data encryption, there are other data security applications in which it is known to employ dedicated external resources such as dedicated server systems.