Recently, Lo et al.'s have addressed that building a light-weight secure communication is necessary for reader-to-server channel in RFID systems, because resource-limited mobile readers are becoming more and more popular. Therefore, Lo et al. proposed an elliptic curve cryptography (ECC)-based lightweight authentication protocol for reader-server channel. However, we find that their scheme has the security weaknesses: (1) the trusted third party’s private key would be disclosed such that the whole system would be broken and (2) there is no authentication of the keying materials. To conquer while preserving the light-weight property, we propose a new authentication protocol for reader-server channel using ID-based cryptography from elliptic curves.