The RFID (Radio Frequency Identification) technology plays an important role of providing mobile services in Internet of Things (IoT) environments. In an RFID (Radio Frequency Identification) system, a tag with a unique ID is attached to an object and a reader can recognize the object by identifying the attached tag. With this identified tag ID, the reader can then retrieve the related information of the object from the backend server database and even access IoT-aware services associated with the object. Due to the nature of RF signals, the communication between the reader and tags is vulnerable to attacks. Typical attacks include the man-in-the-middle (MitM), replay, forward secrecy, denial of service (DoS), and impersonation attacks. Due to the extremely small memory and very limited computation power of tags, some RFID reader-tag mutual authentication schemes, like Huang and Jiang's scheme, Yi et al.'s scheme and Khedr's scheme, have been proposed to resist these attacks by using on-tag ultra lightweight operations, such as the random number generation (RNG), the pseudo random number generator (PRNG), the cyclic redundancy check (CRC), the exclusive-or (XOR), and lightweight cryptographic hash function (LHash) operations. These schemes still have some flaws, though. This paper proposes an improved mutual authentication scheme using only ultra lightweight operations to resist more attacks and/or achieve lower communication, computation, and tag memory overheads.