With the development of society and the increment of human needs, many new technologies have been produced. The mobile RFID system has gradually approached the scene view of humans-the wire communication between reader and database limits modern communication in a traditional RFID system. While wireless communication between these two characters can satisfy the need in a mobile RFID system, specific safety risk still exists. An ultra-lightweight two-way authentication protocol of mobile RFID system has been designed in this paper. The protocol is based on permutation cross synthesis operation, which is from bit operation to encrypt sent messages. Besides, permutation cross synthesis includes two steps, permutation operation, and cross synthesis operation. With Hamming Weights of encrypted messages, permutation and cross-location can be identified. Communication entities in this protocol are identified first before privacy information is exchanged. Meanwhile, one end of the reader stores the communication keys for the first and second rounds, harmonizing communication entities. Compared with other protocols of this type on safety and function, the protocol in this paper has characteristics of lower computation, higher safety performance, and higher applicability on mobile RFID systems.