In general you should define more exactly how you want to devide (identify) “good” aplication which are allowed to use your COM object from other “bad” applications.

If your COM object are in-proc server (a DLL which will be loaded in the address space of the application which use it) then you can make “quick & dirty” solution: Inside of the DllMain you can test the name of the exe file which loaded your dll. You can do this with respect of GetModuleFileName with NULL as the first parameter. If a “wrong” exe try to load your dll the DllMain can return FALSE. The same test you can do in any of your method instead of DllMain.

The best general way to solve your problem (the best which I see of cause) will be to add an additional method to your COM Object which you can use to authorize the caller. For example, to use any “secret” functions like func1() you can require the caller to call another authorize() function before. The caller give your COM Object as input prameter of authorize() some information which can be used to verify the caller permissions. If the authorization is OK, authorize() will gives back an authorization token (cookie) which can be anything which you can easy to verify later. The best tokens should be based on cryptografical algorithms like digitaly signing. The function func1() can have an additional parameter – the token (cookie) received from authorize1(). In this way you can implement any kind of authorization which you want. This way will works with any kind of COM Objects (not only with in-proc-servers).