AbstractThe Internet of Things (IoT) houses a diverse range of applications and users, providing different services securely. Privacy and access management are the challenging processes in administering user‐end security measures. User management, density, and behavior levy a complicated security requirement. A lightweight access management scheme (LAMS) is projected in this article to address this issue. User access permissions and privacy are jointly handled by this scheme based on trust evaluation (TE) and access history. In this scheme, an interlinked relationship is constructed between the trust and access permission features in the IoT platform verified using the transfer learning paradigm. The previous TE is used for deciding the access delegation level for the current user application. In the privacy‐preserving process, amendable keys are used for securing the delegated access sessions alone. This key distribution is used for adapting varying session lengths, preventing privacy breaches. In this key generation and distribution, the elliptic curve cryptographic paradigm is used that adapts the session length and access permission relationship defined. The proposed scheme's performance is verified using 12.32% less access time, 7.16% less failure, 10.27% high sustainability, 11.98% less authentication time, and 10.47% less overhead for different session lengths. In addition to this, the method achieves 12.42% less access time, 8.4% less failure, 11.91% high sustainability, 10.9% less authentication time, and 10.34% less overhead for different users.