With the rapid development of Radio Frequency Identification (RFID), the combination of mobile devices and readers has seen wide application of mobile RFID. It is no longer confined by its locations. However, most RFID protocols still need to perform authentication and identification on back-end servers, which means all the date required is sent through the reader-server communications. Such methods inevitably cause some inconvenience to users because of the limitations of wireless communications. Some studies have proposed new delegation approaches to deal with the wireless communications between mobile readers and back-end servers. The servers can delegate mobile readers in advance, so that the readers can identify tags in an off-line mode. The problem is once the delegation expires mobile readers still need to establish connection with back-end servers for new delegation. For this reason, we propose a new delegation protocol for mobile readers to perform delegation transfer. In our protocol, if a mobile reader’s delegation expires, it can ask for delegation transfer from another reader that has been authorized to access the same tag. Besides, our delegation protocol can also guarantee forward/backward secrecy and secure data privacy and location privacy. It can stand most RFID threats, such as replay attacks, Man-in-the-Middle attacks (MITM), pseudo tags, and denial of service (DoS) attacks.