Patient data privacy, as one of the foremost security concerns in healthcare applications, must be enforced through the use of strong cryptography. However, in the scenario where the patient wears a body network in which lightweight, battery-operated wireless sensors monitor various health variables of interest, the requirements for strong cryptography must often be balanced against the requirements for energy efficiency. In this paper, we describe two algorithms for key distribution. The first algorithm relies on a central trusted security server (CTSS) to authenticate that participants indeed belong to the patient's group and to generate the session key. In the second algorithm, participants authenticate each other using certificates and are largely independent of the CTSS; this algorithm uses elliptic curve cryptography (ECC) to reduce the energy consumed by cryptographic computations. In both cases, the patient's security processor has a lead role in authenticating group membership and in the key generation process. Using data from commercial devices compliant with the IEEE 802.15.4 low data rate WPAN technology, we show that this approach can be successfully implemented in networks built with low-power motes.