The YK-KSM component was designed for these objectives:
Have AES key storage be separate from the validation server
Allow distribution of AES keys to multiple servers for load-balancing and high-availability
The code must be short and easy to audit