This paper addresses radio frequency identification (RFID) authentication and ownership transfer in offline scenarios. Four typical related works are reviewed in detail, and a series of their shortcomings and vulnerabilities is pointed out. A new RFID authentication protocol based on a novel tag-owner-assisting architecture is proposed, making a tag's owner an essential participant in the RFID authentication process. The proposed protocol is distinguished from existing works in providing ownership transfer, access control, and mutual authentication without any centralized database, either on a backend server or in a reader. The security of the proposed protocol is verified using the Automated Validation of Internet Security Protocols and Applications tool. The proposed protocol is server-less, simple, scalable, untraceable, and device-independent. These features are simultaneously achieved in a single RFID authentication protocol for the first time. Copyright (c) 2014 John Wiley & Sons, Ltd.