The first refreshable anonymous token scheme proposed in [1] enables one to provide services in such a way that each of its users is allowed to enjoy only a fixed number of services at the same time. In this paper, we show that the scheme in [1] is insecure and propose a provably secure refreshable partial anonymous token scheme which is a generalization of the previous scheme. The new scheme has an additional ability to control the anonymity level of users. We also propose a formal model and security requirements of the new scheme.