Due to its low cost and remote automatic identification ability, RFID (Radio Frequency Identification) is taking the place of barcodes. However, the information transmitted in the air could easily be eavesdropped, interrupted or modified due to its radio transmission nature. The issues of security and privacy are thus raised. With the popularity of RFID, objects embedded with tags can be transferred to new owners for many times during their life cycle. The privacy protection of the new owner and the old owner should be addressed. Existing RFID ownership transfer protocols usually authenticate the tag, while not verifying whether the holder is the legal owner of the tag.This paper analyzes existing literature and then proposes protocols which free Song and Mitchell's protocols from attacks of spoofing, forward security and denial of service. Furthermore, user authentication is designed to enhance security. Therefore, the improved protocols could be applied in environments that require a high level of security.