In pervasive computing environments (PCEs), privacy and security are two important but contradictory objectives. Users enjoy services provided in PCEs only after their privacy issues being sufficiently addressed. That is, users could not be tracked down for wherever they are and whatever they are doing. However, service providers always want to authenticate the users and make sure they are accessing only authorized services in a legitimate way. In PCEs, such user authentication may include context authentication in addition to the entity authentication. In this paper, we propose a novel privacy enhanced anonymous authentication and access control scheme to secure the interactions between mobile users and services in PCEs with optional context authentication capability. The proposed scheme seamlessly integrates two underlying cryptographic primitives, blind signature and hash chain, into a highly flexible and lightweight authentication and key establishment protocol. It provides explicit mutual authentication and allows multiple current sessions between a user and a service, while allowing the user to anonymously interact with the service. The proposed scheme is also designed to be DoS resilient by requiring the user to prove her legitimacy when initializing a service session.