The invention discloses a method and an apparatus for privacy-protecting RFID identification and verification. Illegal reader scanning and position tracking attacks are resisted by mutual authentication between an RFID tag and an RFID reader, in which a one-way hash function H(x) and the exclusive-or operation are used. A pseudo-random number generating module and a one-way hash function module are introduced in the RFID tag, and the same two modules are also introduced in the RFID reader. A background server stores the ID of the RFID tag, and a shared ciphertext Kr is stored in both the RFID tag and the RFID reader. According to the invention, the tag, the reader and a background database carry out mutual authentication successively and independently, which realizes not only bidirectional authentication but also a two-level authentication of the tag, carried out by the reader and by the background database. A bidirectional, two-level authentication between the tag and the reader in an RFID system is thus realized; the various security threats faced by the RFID system can be comprehensively and effectively prevented or reduced, and in particular attacks such as illegal reader scanning and position tracking are comprehensively resisted.
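
The building blocks named above (H(x), exclusive-or, a pseudo-random number on each side, Kr shared by tag and reader, tag IDs held by the background database) can be combined as in the following sketch, which is an added illustration and not the message flow of the invention itself. The message layout, the labels T1/T2/R1, SHA-256 as H, the 16-byte lengths and the treatment of Kr as a shared secret value are all assumptions made for the example.

```python
# Assumed message flow for illustration only; not the patented exchange.
import hashlib, hmac, secrets

def H(*parts):  # one-way hash H(x); SHA-256 over the concatenated parts (assumed)
    return hashlib.sha256(b"".join(parts)).digest()
def xor(a, b):  # exclusive-or of two equal-length byte strings
    return bytes(x ^ y for x, y in zip(a, b))

class Tag:
    def __init__(self, tag_id, kr):
        self.tag_id, self.kr = tag_id, kr
    def respond(self, nr):
        self.nr, self.nt = nr, secrets.token_bytes(16)   # fresh tag nonce per session
        a = H(b"T1", xor(self.kr, nr), self.nt)          # level 1: proves knowledge of Kr
        m = H(b"T2", xor(self.tag_id, self.nt), nr)      # level 2: proves the ID to the database
        return self.nt, a, m
    def verify_reader(self, b):                          # tag authenticates the reader
        return hmac.compare_digest(b, H(b"R1", xor(self.kr, self.nt), self.nr))

class Backend:
    def __init__(self, ids):
        self.ids = ids
    def identify(self, nr, nt, m):                       # search stored IDs for a match
        for tag_id in self.ids:
            if hmac.compare_digest(m, H(b"T2", xor(tag_id, nt), nr)):
                return tag_id
        return None

class Reader:
    def __init__(self, kr, backend):
        self.kr, self.backend = kr, backend
    def challenge(self):
        self.nr = secrets.token_bytes(16)                # fresh reader nonce per session
        return self.nr
    def process(self, nt, a, m):
        if not hmac.compare_digest(a, H(b"T1", xor(self.kr, self.nr), nt)):
            return None, None                            # level 1 failed: tag lacks Kr
        tag_id = self.backend.identify(self.nr, nt, m)
        if tag_id is None:
            return None, None                            # level 2 failed: ID not in database
        return tag_id, H(b"R1", xor(self.kr, nt), self.nr)

def run_session(tag, reader):
    nt, a, m = tag.respond(reader.challenge())
    tag_id, b = reader.process(nt, a, m)
    ok = tag_id is not None and tag.verify_reader(b)
    return ok, tag_id, (nt, a, m)

if __name__ == "__main__":  # constructed sample values
    kr, tid = bytes(range(16)), bytes([0xA5]) * 16
    print(run_session(Tag(tid, kr), Reader(kr, Backend([tid])))[:2])
```

Because both nonces are fresh in every session, the tag's over-the-air response never repeats and its ID is never sent in the clear, which is what denies a passive observer a stable value to track.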