• We have implemented something we call a poker key server. To retrieve a database encryption key you have to enter a long (20-character) password of which ten characters are placed in sealed envelopes in two people's locked file cabinets. If you enter the password incorrectly, the server "calls" and you are required to prove your identity with an iButton (from Maxim/Dallas Semiconductor) containing a unique serial number which is then hashed by the server using SHA-384. If the iButton hashes correctly it gives you the option of entering the 20-character password again.

    It sounds like a lot of work, but two-person control combined with a skeptical key server ensures our intellectual property remains safe.
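
The flow described in the comment above, modelled as an added example; it is not the commenter's code. The class and method names are hypothetical, the salted PBKDF2 storage of the password is an assumption (the comment does not say how it is stored), and all sample values are constructed.

```python
import hashlib
import hmac
import secrets


class PokerKeyServer:
    """Hypothetical model of the flow in the post; all names are illustrative."""

    def __init__(self, password: str, ibutton_serials: list, db_key: bytes):
        # Assumption: the server keeps a salted PBKDF2 hash of the password.
        # The post does not say how the password is stored.
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._kdf(password)
        # Per the post, iButton serial numbers are hashed with SHA-384.
        self._serial_hashes = [hashlib.sha384(s).digest() for s in ibutton_serials]
        self._db_key = db_key
        self.called = False  # True once a wrong password has been entered

    def _kdf(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def request_key(self, half_a: str, half_b: str):
        """Each custodian supplies the 10 characters from their envelope."""
        if self.called:
            raise PermissionError("server has called: present an iButton first")
        candidate = self._kdf(half_a + half_b)
        if hmac.compare_digest(candidate, self._pw_hash):
            return self._db_key
        self.called = True  # refuse further attempts until identity is proven
        return None

    def present_ibutton(self, serial: bytes) -> bool:
        digest = hashlib.sha384(serial).digest()
        # Check every enrolled hash, each with a constant-time comparison.
        matches = [hmac.compare_digest(digest, h) for h in self._serial_hashes]
        if any(matches):
            self.called = False  # password entry is allowed again
            return True
        return False


# Constructed sample values, not real credentials or serial numbers.
HALF_A, HALF_B = "Kq7fTz2mWx", "Lp9sDv4nHb"
SERIAL = bytes.fromhex("0123456789abcdef")
DB_KEY = bytes(range(32))

if __name__ == "__main__":
    srv = PokerKeyServer(HALF_A + HALF_B, [SERIAL], DB_KEY)
    print(srv.request_key("wrongwrong", HALF_B))
    print(srv.present_ibutton(SERIAL))
    print(srv.request_key(HALF_A, HALF_B) == DB_KEY)
```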