A method and system for RFID security authentication are disclosed, by using less computational pseudorandom numbers, secure hash operation, Binary exclusive OR arithmetic and symmetrical cryptographic arithmetic complete the security authentication and information transmission between the electronic tag and the card reader and the server, and the electronic tag only needs exclusive OR and hash arithmetic before the authentication is passed, which has good adaptability for the electronic tag with low cost, low performance and low computing power. The server authenticates the card reader by private key signature, which is universally feasible. In the aspect of security, the electronic label will not send any valuable information before it passes the authentication, and the information afterit is encrypted, so it can effectively resist the security attack of illegal information acquisition by exploiting the vulnerability of authentication protocol. At the same time, because different keys are used to encrypt the label response after each authentication, the third party can avoid non-physical location tracking of the label.