The paper firstly proposed a provable privacy-protection system (PPPS) which can achieve two kinds of privacy protection and switch between them optionally by users: The first is anonymous scheme which can make nobody know the users’ identity, including the server and the registration center (RC), and they only know these users are legal or paying members. The other is hiding identity scheme which owns also privacy-protection property, because the user’s identity is not transferred during the process of the proposed protocol, and only the server and the RC know the user’s identity. About practical environment, we adopt multi-server architecture which can allow the user to register at the RC once and can access all the permitted services provided by the eligible servers. Then a new PPPS authenticated key agreement protocol is given based on chaotic maps. Security of the scheme is based on chaotic maps hard problems, a secure one-way hash function and a secure symmetric cryptosystem. Compared with the related literatures recently, our proposed scheme can not only own high efficiency and unique functionality, but is also robust to various attacks and achieves perfect forward secrecy. Finally we give the security proof and the efficiency analysis of our proposed scheme.