Asset guardian
US-2015372995-A1 · Dec 24, 2015 · US
US10362006B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10362006-B2 |
| Application number | US-201313838995-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 15, 2013 |
| Priority date | Mar 15, 2013 |
| Publication date | Jul 23, 2019 |
| Grant date | Jul 23, 2019 |
Abstract
A system and a computer-based method for providing bundled services to a client application in a service call to a service system in a service provider computer system includes receiving a message defining an API service request comprising at least a parameter portion and a payload portion, determining at the gateway system an identity of an application transmitting the received message using identity information that has been established within the service provider computer system, providing, by a services platform, at least one of encryption services and decryption services for data contained in the payload portion using the parameters received in the parameter portion, managing key material for security of the data, and transmitting the encrypted data back to the calling application.
Claims (preview)
The invention claimed is:

1. A computer-based method for providing remote cryptographic services to a client application in a service call to a service system in a service provider computer system, said method comprising: storing identity information for a plurality of client applications; generating, by a key management services module associated with the service provider computer system, an encryption key, wherein the encryption key is associated with at least one client application of the plurality of client applications, wherein the encryption key is used by a cryptography provider to encrypt application data; exposing a cryptography service provider application programming interface (API) to the plurality of client applications, wherein the cryptography service provider API is configured to i) deliver encryption requests and decryption requests to the cryptography provider, and ii) deliver encrypted data and decrypted data to the plurality of client applications; receiving, via the cryptography service provider API, an encryption request from the at least one client application, wherein the encryption request includes data for an end-user of the at least one client application, wherein the encryption request includes at least one encryption parameter specified by the at least one client application for use in encrypting the data, and wherein the at least one encryption parameter identifies an encryption type and an encryption strength; encrypting the data using the generated encryption key, the encryption type specified by the at least one client application, and the encryption strength specified by the at least one client application; transmitting, via the cryptography service provider API, the encrypted data back to the at least one client application that requested the encryption and without transmitting the encryption key to the at least one client application; storing, on the cryptographic service system, the generated encryption key, the encryption type and encryption strength specified by the at least one client application, and an association between the key and the at least one client application without storing the encrypted data on the cryptographic service system; receiving, from the at least one client application that originally requested the encryption of the encrypted data, a decryption request comprising at least a parameter portion and the encrypted data, wherein the parameter portion defines the encryption type associated with the encrypted data and the encryption strength associated with the encrypted data; determining an identity of the at least one client application transmitting the received message based on the identity information and the parameter portion; locating, from storage on the cryptographic service system, the generated encryption key, the encryption type, and the encryption strength based on the determined identity of the at least one client application; decrypting the encrypted data using the generated encryption key, the encryption type, and the encryption strength; and transmitting the decrypted data back to the at least one client application.

2. The computer-based method of claim 1, further comprising selecting at least one encryption algorithm from a library of encryption algorithms to apply to the data based on the parameter portion.

3. The computer-based method of claim 2, further comprising: storing the generated encryption key and the association in a cryptographic key material module.

4. The computer-based method of claim 2, further comprising selecting a decryption algorithm from a library of decryption algorithms corresponding to the selected encryption algorithm to apply to the received encrypted data based on the parameter portion.

5. The computer-based method of claim 1, wherein receiving the encryption request further comprises receiving the encryption request from at least one of an application external to the service provider computer system and an application internal to the service provider computer system, and wherein receiving the decryption request further comprises receiving the decryption request from at least one of an application external to the service provider computer system and an application internal to the service provider computer system.

6. The computer-based method of claim 1, wherein receiving the encryption request comprises receiving a message defining an application programming interface (API) service request from a website associated with the service provider computer system.

7. The computer-based method of claim 1, wherein receiving the encryption request comprises receiving a message defining an application programming interface (API) service request from an application not associated with the service provider computer system.

8. A computer system for providing remote cryptographic services, the computer system comprising a memory device and a processor in communication with the memory device, the computer system programmed to: store identity information for a plurality of client applications; generate, by a key management services module associated with the service provider computer system, an encryption key, wherein the encryption key is associated with at least one client application of the plurality of client applications, wherein the encryption key is used by a cryptography provider to encrypt application data; expose a cryptography service provider application programming interface (API) to the plurality of client applications, wherein the cryptography service provider API is configured to i) deliver encryption requests and decryption requests to the cryptography provider, and ii) deliver encrypted data and decrypted data to the plurality of client applications; receive, via the cryptography service provider API, an encryption request from the at least one client application, wherein the encryption request includes data for an end-user of the at least one client application, wherein the encryption request includes at least one encryption parameter specified by the at least one client application for use in encrypting the data, and wherein the at least one encryption parameter identifies an encryption type and an encryption strength; encrypt the data using the generated encryption key, the encryption type specified by the at least one client application, and the encryption strength specified by the at least one client application; transmit, via the cryptography service provider API, the encrypted data back to the at least one client application that requested the encryption and without transmitting the encryption key to the at least one client application; store, on the memory device, the generated encryption key, the encryption type and encryption strength specified by the at least one client application, and an association between the key and the at least one client application without storing the encrypted data on the memory device; receive from the at least one client application that originally requested the encryption of the encrypted data, a decryption request comprising at least a parameter portion and the encrypted data, wherein the parameter portion defines the encryption type associated with the encrypted data and the encryption strength associated with the encrypted data; determine an identity of the at least one client application transmitting the received message based on the identity information and the parameter portion; locate, from storage on the memory device, the generated encryption key, the encryption type, and the encryption strength based on the determined identity of the at least one client application; decrypt the encrypted data using the generated encryption key, the encryption type, and the encryption strength; and tran
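The abstract and claim 1 describe one data flow: a client sends a parameter portion (encryption type and strength) plus a payload; the gateway establishes the client's identity from stored identity information and that parameter portion; a key-management module generates a key bound to that client; the service encrypts, returns only the ciphertext, and stores the key, type, strength and the client association but not the ciphertext; on decryption it locates the key from the authenticated identity and parameters. The script below is an added example that models that flow end to end. It is not the patent's code or any product of the assignee; every name in it is hypothetical, and the "library of encryption algorithms" is a stand-in built from HMAC used as a PRF in counter mode with an encrypt-then-MAC tag, so that it runs on the Python standard library alone. A deployment would use a vetted AEAD such as AES-GCM from a real library and an HSM-backed key store in its place.

```python
# Added example, not the patent's own code: a minimal model of the claimed
# remote cryptographic service.  Every name below is hypothetical, and the
# "library of encryption algorithms" is a stand-in built from HMAC used as a
# PRF in counter mode with an encrypt-then-MAC tag, so the script runs on the
# Python standard library alone.
import hashlib
import hmac
import secrets
import struct

# Encryption type -> hash used as the PRF; encryption strength -> key length in bytes.
ALGORITHMS = {"HMAC-SHA256-CTR": hashlib.sha256, "HMAC-SHA512-CTR": hashlib.sha512}
STRENGTHS = {128: 16, 256: 32}


def _keystream_xor(h, key, nonce, data):
    """XOR data with a keystream of HMAC(key, nonce || block counter) blocks."""
    size = h().digest_size
    out = bytearray()
    for i in range(0, len(data), size):
        block = hmac.new(key, nonce + struct.pack(">Q", i), h).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + size], block))
    return bytes(out)


def _request_mac(secret, app_id, enc_type, strength, payload):
    """MAC over the parameter portion and the payload, keyed by the client's secret."""
    header = f"{app_id}|{enc_type}|{strength}".encode()
    return hmac.new(secret, header + payload, hashlib.sha256).digest()


class CryptographyServiceProvider:
    """Gateway, key-management module and cryptography provider in one object."""

    def __init__(self):
        self._identities = {}    # app_id -> API secret: the stored identity information
        self._key_material = {}  # (app_id, type, strength) -> key; ciphertext is never stored

    def register_client(self, app_id):
        secret = secrets.token_bytes(32)
        self._identities[app_id] = secret
        return secret  # assumed to reach the client out of band

    def _determine_identity(self, params, payload):
        """Identity is the registered app whose secret verifies the request MAC."""
        app_id = params["app_id"]
        secret = self._identities.get(app_id)
        if secret is None:
            raise PermissionError("unknown client application")
        expected = _request_mac(secret, app_id, params["type"], params["strength"], payload)
        if not hmac.compare_digest(expected, params["auth"]):
            raise PermissionError("request authentication failed")
        return app_id

    def _locate_key(self, app_id, params, create):
        """Key lookup is bound to the authenticated identity plus type and strength."""
        if params["type"] not in ALGORITHMS or params["strength"] not in STRENGTHS:
            raise ValueError("unsupported encryption type or strength")
        slot = (app_id, params["type"], params["strength"])
        if slot not in self._key_material:
            if not create:
                raise KeyError("no key material for this client, type and strength")
            self._key_material[slot] = secrets.token_bytes(STRENGTHS[params["strength"]])
        return self._key_material[slot]

    def encrypt(self, params, plaintext):
        app_id = self._determine_identity(params, plaintext)
        key = self._locate_key(app_id, params, create=True)
        h = ALGORITHMS[params["type"]]
        nonce = secrets.token_bytes(16)
        ct = _keystream_xor(h, key, nonce, plaintext)
        tag = hmac.new(hmac.new(key, b"mac", h).digest(), nonce + ct, h).digest()
        return nonce + ct + tag  # the key itself never leaves the service

    def decrypt(self, params, blob):
        app_id = self._determine_identity(params, blob)
        key = self._locate_key(app_id, params, create=False)
        h = ALGORITHMS[params["type"]]
        nonce, ct, tag = blob[:16], blob[16:-h().digest_size], blob[-h().digest_size:]
        expected = hmac.new(hmac.new(key, b"mac", h).digest(), nonce + ct, h).digest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("rejected: wrong key material or tampered ciphertext")
        return _keystream_xor(h, key, nonce, ct)


def client_request(app_id, secret, enc_type, strength, payload):
    """Parameter portion a client sends next to the payload portion."""
    return {"app_id": app_id, "type": enc_type, "strength": strength,
            "auth": _request_mac(secret, app_id, enc_type, strength, payload)}


def demo():
    """Round trip plus the rejections a practitioner would want to see."""
    svc = CryptographyServiceProvider()
    secret_a, secret_b = svc.register_client("app-a"), svc.register_client("app-b")
    data = b"cardholder: J. Doe, PAN ending 1234"  # constructed sample end-user data
    blob = svc.encrypt(client_request("app-a", secret_a, "HMAC-SHA256-CTR", 256, data), data)
    svc.encrypt(client_request("app-b", secret_b, "HMAC-SHA256-CTR", 256, b"x"), b"x")
    tampered = blob[:20] + bytes([blob[20] ^ 0x01]) + blob[21:]
    key_a = svc._key_material[("app-a", "HMAC-SHA256-CTR", 256)]

    def rejected(app_id, secret, strength, payload):
        try:
            svc.decrypt(client_request(app_id, secret, "HMAC-SHA256-CTR", strength, payload), payload)
        except (PermissionError, KeyError, ValueError):
            return True
        return False

    return {
        "roundtrip": svc.decrypt(client_request("app-a", secret_a, "HMAC-SHA256-CTR", 256, blob), blob) == data,
        "key_not_in_response": key_a not in blob,
        "other_app_rejected": rejected("app-b", secret_b, 256, blob),       # its own key, wrong tag
        "forged_identity_rejected": rejected("app-a", secret_b, 256, blob),  # claims app-a without its secret
        "wrong_strength_rejected": rejected("app-a", secret_a, 128, blob),   # no key under those parameters
        "tampered_rejected": rejected("app-a", secret_a, 256, tampered),
    }


if __name__ == "__main__":
    print(demo())
```

Two points the example makes concrete. First, "determining an identity ... based on the identity information and the parameter portion" only holds up if the parameter portion is authenticated; here that is a MAC under a per-client secret, and a client that merely names another app's identifier in the parameters is refused. Second, because the service keeps the key but not the ciphertext, the tag binds the ciphertext to the exact key, type and strength it was produced under, so a decryption request with different parameters (or from another client, or over altered bytes) fails closed rather than returning garbage, and loss of the stored key material means loss of every ciphertext encrypted under it.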
for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08) · CPC title
applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding · CPC title
for providing a confidential data exchange among entities communicating through data packet networks · CPC title
Providing cryptographic facilities or services · CPC title