There have been various mechanisms proposed to address privacy problems, however, they are still vulnerable to different attacks and leaves a few weaknesses. Although existing hardware-based approaches prevent unauthorized reading, those are restricted in practice. At present, many solutions introducing cryptographic authentication have been suggested to protect user privacy. Because of constraint resources, strong cryptography is not suitable for passive and low-cost RFID tags, but weaker cryptographic primitives are widely adopted among authentication protocols. In the past works, a reader and the back-end server are considered as a single entity, and the internal communication channel is secure. Many schemes only provide authentication between a server and a tag. In the mobile RFID environment, anyone who possesses a mobile device equipped with active RFID transmitter/receiver can interact with RFID-tagged objects, and acquire information from a back-end server through wireless communications. For this reason, it ought to achieve proper reader authentication. In this thesis, we propose two authentication schemes to resolve privacy threats in a mobile environment, where a mobile reader is not authorized to acquire every tag’s related data. One achieves many security requirements with efficient tag identification, which helps the server save an exhaustive search in its database. This scheme determines whether if a reader has the proper access right or not through a shared secret key. The other is able to enhance forward privacy of transactions, and keep a reader anonymous when a reader user’s location privacy is considered. These two authentication schemes are trade-off and based on two chief considerations: efficiency and security. The trade-offs are chosen relying on what application environment the RFID system is applied in.