Mobile services have been growing fast to facilitate business in wireless network environment. It is both critical and challenging to maintain security and anonymity so as to provide high quality services. In this paper, we propose a ticket-based architecture and a generic protocol for controlling access to mobile services. Our protocol has the following properties. First, it is a generic solution independent of cryptographic algorithms and service models. Second, it is secure against various malicious attacks on mobile services. Third, it provides identity anonymity for customers and/or service providers depending on business requirements. Fourth, it is flexible in dynamic environments where customers and/or service providers are cross multiple domains. We also show an efficient implementation option of this generic protocol based on elliptic curve digital signature algorithm.