diff --git a/src/charon/Makefile.am b/src/charon/Makefile.am
index 4942b47d9..4fa4f6b9d 100644
--- a/src/charon/Makefile.am
+++ b/src/charon/Makefile.am
@@ -71,6 +71,7 @@ sa/authenticators/eap_authenticator.c sa/authenticators/eap_authenticator.h \
 sa/authenticators/eap/eap_method.c sa/authenticators/eap/eap_method.h \
 sa/authenticators/eap/eap_manager.c sa/authenticators/eap/eap_manager.h \
 sa/authenticators/eap/sim_manager.c sa/authenticators/eap/sim_manager.h \
+sa/authenticators/eap/usim_manager.c sa/authenticators/eap/usim_manager.h \
 sa/authenticators/psk_authenticator.c sa/authenticators/psk_authenticator.h \
 sa/authenticators/pubkey_authenticator.c sa/authenticators/pubkey_authenticator.h \
 sa/child_sa.c sa/child_sa.h \
diff --git a/src/charon/daemon.c b/src/charon/daemon.c
index 490357c13..9f7abf799 100644
--- a/src/charon/daemon.c
+++ b/src/charon/daemon.c
@@ -190,6 +190,7 @@ static void destroy(private_daemon_t *this)
  DESTROY_IF(this->public.controller);
  DESTROY_IF(this->public.eap);
  DESTROY_IF(this->public.sim);
+ DESTROY_IF(this->public.usim);
 #ifdef ME
  DESTROY_IF(this->public.connect_manager);
  DESTROY_IF(this->public.mediation_manager);
@@ -486,6 +487,7 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
  this->public.controller = controller_create();
  this->public.eap = eap_manager_create();
  this->public.sim = sim_manager_create();
+ this->public.usim = usim_manager_create();
  this->public.backends = backend_manager_create();
  this->public.attributes = attribute_manager_create();
  this->public.kernel_interface = kernel_interface_create();
@@ -568,6 +570,7 @@ private_daemon_t *daemon_create(void)
  this->public.controller = NULL;
  this->public.eap = NULL;
  this->public.sim = NULL;
+ this->public.usim = NULL;
  this->public.bus = NULL;
  this->public.file_loggers = linked_list_create();
  this->public.sys_loggers = linked_list_create();
diff --git a/src/charon/daemon.h b/src/charon/daemon.h
index 7fcdc55ce..3af0b9b2f 100644
--- a/src/charon/daemon.h
+++ b/src/charon/daemon.h
@@ -163,6 +163,7 @@ typedef struct daemon_t daemon_t;
 #include
 #include
 #include
+#include
 #ifdef ME
 #include
@@ -285,6 +286,11 @@ struct daemon_t {
  */
  sim_manager_t *sim;
+
+ /**
+ * USIM manager to maintain USIM cards/providers
+ */
+ usim_manager_t *usim;
+
 #ifdef ME
  /**
  * Connect manager
diff --git a/src/charon/sa/authenticators/eap/usim_manager.c b/src/charon/sa/authenticators/eap/usim_manager.c
new file mode 100644
index 000000000..fa86e7320
--- /dev/null
+++ b/src/charon/sa/authenticators/eap/usim_manager.c
@@ -0,0 +1,123 @@
+/*
+ * Copyright (C) 2008-2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "usim_manager.h"
+
+#include
+
+typedef struct private_usim_manager_t private_usim_manager_t;
+
+/**
+ * Private data of an usim_manager_t object.
+ */
+struct private_usim_manager_t {
+
+ /**
+ * Public usim_manager_t interface.
+ */
+ usim_manager_t public;
+
+ /**
+ * list of added cards
+ */
+ linked_list_t *cards;
+
+ /**
+ * list of added provider
+ */
+ linked_list_t *provider;
+};
+
+/**
+ * Implementation of usim_manager_t.add_card
+ */
+static void add_card(private_usim_manager_t *this, usim_card_t *card)
+{
+ this->cards->insert_last(this->cards, card);
+}
+
+/**
+ * Implementation of usim_manager_t.remove_card
+ */
+static void remove_card(private_usim_manager_t *this, usim_card_t *card)
+{
+ this->cards->remove(this->cards, card, NULL);
+}
+
+/**
+ * Implementation of usim_manager_t.create_card_enumerator
+ */
+static enumerator_t* create_card_enumerator(private_usim_manager_t *this)
+{
+ return this->cards->create_enumerator(this->cards);
+}
+
+/**
+ * Implementation of usim_manager_t.add_provider
+ */
+static void add_provider(private_usim_manager_t *this,
+ usim_provider_t *provider)
+{
+ this->provider->insert_last(this->provider, provider);
+}
+
+/**
+ * Implementation of usim_manager_t.remove_provider
+ */
+static void remove_provider(private_usim_manager_t *this,
+ usim_provider_t *provider)
+{
+ this->provider->remove(this->provider, provider, NULL);
+}
+
+/**
+ * Implementation of usim_manager_t.create_provider_enumerator
+ */
+static enumerator_t* create_provider_enumerator(private_usim_manager_t *this)
+{
+ return this->provider->create_enumerator(this->provider);
+}
+
+/**
+ * Implementation of usim_manager_t.destroy.
+ */
+static void destroy(private_usim_manager_t *this)
+{
+ this->cards->destroy(this->cards);
+ this->provider->destroy(this->provider);
+ free(this);
+}
+
+/**
+ * See header
+ */
+usim_manager_t *usim_manager_create()
+{
+ private_usim_manager_t *this = malloc_thing(private_usim_manager_t);
+
+ this->public.add_card = (void(*)(usim_manager_t*, usim_card_t *card))add_card;
+ this->public.remove_card = (void(*)(usim_manager_t*, usim_card_t *card))remove_card;
+ this->public.create_card_enumerator = (enumerator_t*(*)(usim_manager_t*))create_card_enumerator;
+ this->public.add_provider = (void(*)(usim_manager_t*, usim_provider_t *provider))add_provider;
+ this->public.remove_provider = (void(*)(usim_manager_t*, usim_provider_t *provider))remove_provider;
+ this->public.create_provider_enumerator = (enumerator_t*(*)(usim_manager_t*))create_provider_enumerator;
+ this->public.destroy = (void(*)(usim_manager_t*))destroy;
+
+ this->cards = linked_list_create();
+ this->provider = linked_list_create();
+
+ return &this->public;
+}
+
diff --git a/src/charon/sa/authenticators/eap/usim_manager.h b/src/charon/sa/authenticators/eap/usim_manager.h
new file mode 100644
index 000000000..6a2e0e573
--- /dev/null
+++ b/src/charon/sa/authenticators/eap/usim_manager.h
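Review bot: destroy() near the end of the file releases only the two linked lists, so card and provider objects registered through add_card/add_provider are neither freed nor told the manager is gone; the header should state that the manager keeps non-owning references and that a plugin must call remove_card/remove_provider before destroying its own object, e.g. a comment on destroy(): `/* lists only: registered cards/providers stay owned by the plugins that added them */`. The definition `usim_manager_t *usim_manager_create()` (and the matching prototype in usim_manager.h) should be `usim_manager_create(void)` so calls with stray arguments are rejected at compile time. add_card/remove_card, add_provider/remove_provider and the two enumerator constructors all touch the same linked_list_t with no lock; if plugins can register or unregister at runtime while an EAP-AKA exchange is enumerating cards or providers, a live enumerator could be invalidated under it, so confirm whether charon guarantees single-threaded access to these lists or add a lock as the sim_manager counterpart does if it has one.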
@@ -0,0 +1,161 @@
+/*
+ * Copyright (C) 2008-2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup usim_manager usim_manager
+ * @{ @ingroup eap
+ */
+
+#ifndef USIM_MANAGER_H_
+#define USIM_MANAGER_H_
+
+#include
+#include
+
+typedef struct usim_manager_t usim_manager_t;
+typedef struct usim_card_t usim_card_t;
+typedef struct usim_provider_t usim_provider_t;
+
+/**
+ * Interface for a USIM card (used by EAP-AKA client).
+ */
+struct usim_provider_t {
+
+ /**
+ * Create a challenge for AKA authentication.
+ *
+ * @param imsi peer identity to create challenge for
+ * @param rand buffer receiving random value rand
+ * @param xres buffer receiving expected authentication result xres
+ * @param ck buffer receiving encryption key ck
+ * @param ik buffer receiving integrity key ik
+ * @param autn authentication token autn
+ * @return TRUE if quintuplet generated successfully
+ */
+ bool (*get_quintuplet)(usim_provider_t *this, identification_t *imsi,
+ char rand[16], char xres[16],
+ char ck[16], char ik[16], char autn[16]);
+
+ /**
+ * Process resynchroniusation request of a peer.
+ *
+ * @param imsi peer identity requesting resynchronisation
+ * @param rand random value rand
+ * @param auts synchronization parameter auts
+ * @return TRUE if resynchronized successfully
+ */
+ bool (*resync)(usim_provider_t *this, identification_t *imsi,
+ char rand[16], char auts[16]);
+};
+
+/**
+ * Interface for a quintuplet provider (used by EAP-AKA server).
+ */
+struct usim_card_t {
+
+ /**
+ * Get the IMSI of this USIM.
+ *
+ * @return IMSI this USIM belongs to
+ */
+ identification_t *(*get_imsi)(usim_card_t *this);
+
+ /**
+ * Process authentication data and complete the quintuplet.
+ *
+ * If the received sequence number (in autn) is out of synf, INVALID_STATE
+ * is returned.
+ *
+ * @param rand random value rand
+ * @param autn authentication token autn
+ * @param ck buffer receiving encryption key ck
+ * @param ik buffer receiving integrity key ik
+ * @param res buffer receiving authentication result res
+ * @return SUCCESS, FAILED, or INVALID_STATE if out of sync
+ */
+ status_t (*get_quintuplet)(usim_card_t *this, char rand[16], char autn[16],
+ char ck[16], char ik[16], char res[16]);
+
+ /**
+ * Request parameter to start resynchronization.
+ *
+ * @param in random value rand
+ * @param auts resynchronization parameter auts
+ * @return TRUE if parameter generated successfully
+ */
+ bool (*resync)(usim_card_t *this, char rand[16], char auts[16]);
+};
+
+/**
+ * The EAP-AKA USIM manager handles multiple USIM cards and providers.
+ */
+struct usim_manager_t {
+
+ /**
+ * Register a USIM card (client) at the manager.
+ *
+ * @param card usim card to register
+ */
+ void (*add_card)(usim_manager_t *this, usim_card_t *card);
+
+ /**
+ * Unregister a previously registered card from the manager.
+ *
+ * @param card usim card to unregister
+ */
+ void (*remove_card)(usim_manager_t *this, usim_card_t *card);
+
+ /**
+ * Create an enumerator over all registered cards.
+ *
+ * @return enumerator over usim_card_t's
+ */
+ enumerator_t* (*create_card_enumerator)(usim_manager_t *this);
+
+ /**
+ * Register a triplet provider (server) at the manager.
+ *
+ * @param card usim card to register
+ */
+ void (*add_provider)(usim_manager_t *this, usim_provider_t *provider);
+
+ /**
+ * Unregister a previously registered provider from the manager.
+ *
+ * @param card usim card to unregister
+ */
+ void (*remove_provider)(usim_manager_t *this, usim_provider_t *provider);
+
+ /**
+ * Create an enumerator over all registered provider.
+ *
+ * @return enumerator over Usim_provider_t's
+ */
+ enumerator_t* (*create_provider_enumerator)(usim_manager_t *this);
+
+ /**
+ * Destroy a manager instance.
+ */
+ void (*destroy)(usim_manager_t *this);
+};
+
+/**
+ * Create an USIM manager to handle multiple USIM cards/providers.
+ *
+ * @return usim_t object
+ */
+usim_manager_t *usim_manager_create();
+
+#endif /** USIM_MANAGER_H_ @}*/
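Review bot: The doc comments on the two interfaces are swapped: `struct usim_provider_t` is introduced as "Interface for a USIM card (used by EAP-AKA client)" although its get_quintuplet fills rand/xres/ck/ik/autn, which is the server side, while `struct usim_card_t` is introduced as "Interface for a quintuplet provider (used by EAP-AKA server)" although it consumes rand/autn and returns res, which is the client side; exchange the two sentences. In usim_manager_t the add_provider/remove_provider comments read `@param card usim card to register` for a parameter named `provider`, add_provider says "triplet provider" where AKA deals in quintuplets, usim_card_t.resync documents `@param in` for `rand`, and usim_manager_create's `@return usim_t object` should be `@return usim_manager_t object`. "resynchroniusation" and "out of synf" are typos, and the prototype `usim_manager_t *usim_manager_create();` should be `usim_manager_create(void)` so the declaration actually type-checks its callers. The `char ...[16]` parameters decay to `char *`, so the 16 is documentation only, and since these buffers carry raw key material (ck, ik) and challenge bytes, `uint8_t` would make the byte-oriented intent clearer; AUTS is 112 bits (14 octets) in EAP-AKA, so confirm the intended layout behind `auts[16]` and note it in the comment.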