A message processing server includes a memory and a message processor. The message processor is configured to receive first data; save an identifier in association with a first-layer access restriction indicator and a first key, generate a first encrypted layer by encrypting the first data with the first key, and generate a token from the identifier and the first encrypted layer; receive second data and the token; recover the identifier and the first encrypted layer from the token; confirm that the identifier was saved in the memory in association with the first indicator; save the identifier in association with a second-layer access restriction indicator and a second key, generate a second encrypted layer by encrypting the first encrypted layer and the second data with the second key, and regenerate the token from the identifier and the second encrypted layer.