Consider the following simple protocol intended to allow an RFID reader to authenticate an RFID tag. The protocol assumes that the tag can store a 32-bit secret key, s, shared with the reader, perform XOR operations, and receive and transmit via radio 32-bit values. The reader generates a random 32-bit challenge x and transmits y = x ⊕ s to the tag. The tag computes z = y ⊕ s and sends z to the reader. The reader authenticates the tag if z = x.
As we know, the same secret key can encrypt and decrypt the same message, but if we use two different secret keys, how can it work?
This scheme cannot work if the keys don't match. Usually some kind of key derivation is used on the reader side though, using some kind of identifier broadcast by the tag.
Even then, you can only use this to authenticate the tag, and that only once, assuming that sniffing out the communication is possible. With the protocol you describe you can easily sniff out the two values and then XOR out the key of the tag. XOR does not provide a high level of security within the protocol you've described.
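The exchange from the question and the two points made in the answer (mismatched keys fail, and the transcript reveals the key), as an added Python example that is not part of the original posts. The function names and sample keys are constructed for illustration.

```python
import secrets

MASK = 0xFFFFFFFF  # the protocol works on 32-bit values


def reader_challenge(s_reader):
    """Reader picks a random 32-bit x and transmits y = x XOR s."""
    x = secrets.randbits(32)
    return x, (x ^ s_reader) & MASK


def tag_response(y, s_tag):
    """Tag computes z = y XOR s with the key it stores."""
    return (y ^ s_tag) & MASK


def run_session(s_reader, s_tag):
    """One protocol run. Returns the two radio messages and the verdict."""
    x, y = reader_challenge(s_reader)
    z = tag_response(y, s_tag)
    return y, z, z == x  # reader accepts only if z == x


def key_from_transcript(y, z):
    """Both y and z cross the air. Since z = y XOR s_tag, y XOR z = s_tag."""
    return (y ^ z) & MASK


if __name__ == "__main__":
    shared = 0x1234ABCD   # constructed sample key
    other = 0x0BADF00D    # constructed, different key

    # Same key on both sides: x XOR s XOR s == x, so the reader accepts.
    y, z, ok = run_session(shared, shared)
    print("matching keys accepted:", ok)

    # Different keys: z = x XOR s_reader XOR s_tag != x, so the reader rejects.
    print("mismatched keys accepted:", run_session(shared, other)[2])

    # One observed session is enough to compute the tag's key, which is
    # why the answer says the tag can be authenticated only once.
    print("key visible in transcript:", hex(key_from_transcript(y, z)))
```

A challenge-response that keeps the key out of the transcript needs a keyed one-way function (for example a MAC over x) rather than XOR, which is beyond what the tag in this exercise can compute.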