The invention discloses a method and an apparatus for RFID identification and verification with privacy protection. Mutual authentication between an RFID tag and an RFID reader resists illegal reader scanning and position tracking attacks; the authentication uses a one-way hash function H(x) and the exclusive-or operation. The RFID tag and the RFID reader each contain a pseudo-random number generating module and a one-way hash function module, a background server stores the ID of the RFID tag, and a shared ciphertext Kr is stored in both the RFID tag and the RFID reader. The tag, the reader and the background database authenticate one another successively and independently, which realizes not only bidirectional authentication but also two-level authentication of the tag, performed by the reader and by the background database. With this bidirectional two-level authentication between the tag and the reader, the various security threats faced by the RFID system can be comprehensively and effectively prevented or reduced, especially attacks such as illegal reader scanning and position tracking.
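The abstract names the building blocks (H(x), exclusive-or, a pseudo-random number generator on each side, the shared Kr, tag IDs held by the background server) but not the message flow. The following is an added illustration, not the patented protocol: the message layout, SHA-256 as H, the domain-separation labels and the 16-byte sizes are all assumptions chosen to show how a bidirectional, two-level exchange can be built from those parts.

```python
import hashlib, hmac, secrets

N = 16  # assumed byte length of Kr, tag IDs and nonces

def H(label: bytes, *fields: bytes) -> bytes:
    # One-way hash H(x); SHA-256 and the domain-separation label are assumptions.
    return hashlib.sha256(label + b"".join(fields)).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Tag:
    def __init__(self, tag_id: bytes, kr: bytes):
        self.tag_id, self.kr = tag_id, kr

    def respond(self, nr: bytes):
        # Fresh tag nonce per query, so replies to a repeated challenge are unlinkable.
        self.nr, self.nt = nr, secrets.token_bytes(N)
        a = H(b"T1", xor(self.kr, nr), self.nt)      # level 1: checked by the reader
        b = H(b"T2", xor(self.tag_id, nr), self.nt)  # level 2: checked by the backend
        return self.nt, a, b

    def accepts_reader(self, c: bytes) -> bool:
        return hmac.compare_digest(c, H(b"R", xor(self.kr, self.nt), self.nr))

def reader_checks_tag(kr: bytes, nr: bytes, nt: bytes, a: bytes) -> bool:
    return hmac.compare_digest(a, H(b"T1", xor(kr, nr), nt))

def backend_identifies(ids, nr: bytes, nt: bytes, b: bytes):
    # The backend stores tag IDs and searches for the one matching the proof.
    for tag_id in ids:
        if hmac.compare_digest(b, H(b"T2", xor(tag_id, nr), nt)):
            return tag_id
    return None

def run_session(tag: Tag, reader_kr: bytes, backend_ids):
    """Return (tag ID accepted at both levels or None, whether the tag accepted the reader)."""
    nr = secrets.token_bytes(N)                      # reader challenge
    nt, a, b = tag.respond(nr)
    if not reader_checks_tag(reader_kr, nr, nt, a):
        return None, False                           # level 1 failed
    tag_id = backend_identifies(backend_ids, nr, nt, b)
    if tag_id is None:
        return None, False                           # level 2 failed
    c = H(b"R", xor(reader_kr, nt), nr)              # reader proves knowledge of Kr
    return tag_id, tag.accepts_reader(c)
```

Each proof hashes one party's nonce XORed with the secret and the other party's nonce appended, so a recorded reply cannot be replayed against a fresh challenge, and the distinct labels keep a tag proof from being reflected back as a reader proof.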