Software Protection

I'm trying to find a solution to protect all the software developed in the company I work in.
Till now we've been working with hardlocks, but we are trying to cut on expences and wanting to develop our own software protection system.
I know that there some free tools, like for instance activelock, but we aren't interested in using third party tools either, since these tools are frequently open to attacks and we might have migration problems in the future.
I've been googling and I can't find any good techniques for developing this type of solution.
We've seen some ideas like for instance hardware dependet protection, but that is also a problem because it doesn't allow the user to change hardware without contacting us.
We have our own website, what makes possible the comunication with an online database, but we don't know what to do with this functionality. Check IP? It changes often,... Check Hardware? same problem as before, probably,...

Does anyone has any ideas or knows any technique?

My thanks in advanced

So, you want a system that is totally secure, highly extendable, and which requires you to do nothing to maintain it? If you ever find such a thing, be sure to tell people, as EVERYBODY would be interested.

Every system has flaws. If you tie to hardware, then you do have a maintainence issue, as you noted. If you don't tie to hardware, what do you tie to? Passwords held locally? Looking up words in the manual? Dongles? Every possible answer has limitations. At some point, you just have to pick your poison.

Hi Shaggy Hiker
Thanks for your reply

Of course I know that there's no secure system. What I'm asking (if anyone knows -maybe given in college or when searching the web) is for the concept of securing a system. probably the concept that took other developers to develop their own software protection system, like the example I gave. I see you misunderstood me because I never said I wanted a system that I have to do nothing to maintain it, it's really the opposite. I prefer to be the one to have all the work on maintaining it, so that it's "our" own tool.

I understand that sentiment. I've felt the same way about several types of things.

I would focus on web based solutions, if that's an option. Pretty nearly anything that is exclusively on the end users computer is going to have a real weakness. A solution that is based on accessing a web service for authentication would shift the security off the end user and into the server, as long as you worked out how to deal with integrating the security such that it couldn't be easily bypassed.