An improved minimalist mutual-authentication protocol (IM2AP) is proposed by protecting the messages transmitted between the reader and tag. It achieves mutual authentication by the pseudonym and key shared between the tag and reader, and then they start to transmit the private messages. In order to ensure that the mutual authentication of the tag and reader will not be attacked by malicious interference, the tag generates a random number by the Hamming weight of the key which can be shared with the reader and then uses the random number to protect the transmitted message on the cyclic shift. Thus the attacker cant tamper with a particular bit and the protocol effectively avoids de-synchronization and the full disclosure attack. Analysis of security and performance shows that when the security of the lightweight security authentication protocols is generally weak, this protocol can improve the security and reliability of the system with limited cost, so it has a high practical value.