Concerned the problem that the existing RFID security protocols focus on the privacy and anonymity of RFID system, but ignore the scalability and customizability, a scalable and customizable RFID bidirectional authentication protocol is proposed. Firstly, the tags and client readers are authenticated by target authentication module, the efficiency of the authentication is improved by using the tag grouping based on liner search method and a mapping table; secondly, the malicious users are detected by a simple ID matching detection; lastly, the mutual authentication between tags and servers is realized to enhance the security further more. The analysis results show that the proposed algorithm has a good computational efficiency and security, at the same time it realizes the customizability and scalability.