Due to the inadequacy of GPS signals in indoor spaces, Indoor Positioning Services (IPSs) have drawn great attention. The popular smartphone localization technique relies on a centralized server to achieve localization, allowing the server to acquire a user's location in fine granularity. To ensure the privacy of IPS users, we propose an Encrypted Indoor Positioning Service (EIPS) model that protects users' privacy from the centralized server and maintains localization accuracy simultaneously. Our EIPS model enables users to encrypt and decrypt their query through an Encryption and Decryption Server (EDS) bi-directionally in a commutative way, so the users' locations remain private to both EIPS and EDS. We also propose Query Split, Artificial Dimensions and Columns to prevent Known Plaintext Attack (KPA). Our analytical and experimental evaluations show that our model is resilient to a variety of privacy attacks without loss of efficiency and accuracy.