In a protocol for preserving the privacy of communications between a RFID reader and a RFID tag, two distinct actions are taken. First, the reader and the tag must be mutually authenticated as being authorized participants in the communications. After that process is successfully completed, the authenticity of each authorized participant must be validated prior to each subsequent communication between reader and tag.