Radio frequency identification (RFID) systems are a common and useful tool in manufacturing, supply chain management, retail inventory control, and other areas. Unfortunately, the universal deployment of RFID devices may raise public concern regarding violations of privacy and information security. In this paper, a secure mutual authentication scheme is proposed that is based on XOR operations and a hash function. Our proposed scheme is best suited for RFID systems that must enforce user privacy and security protections but cannot afford high computing power and memory space, for example those using passive tags.