The security of wireless body sensor network (BSN) is very important to telemedicine and m-healthcare, and it still remains a critical challenge. This paper presents a novel key distribution solution which allows two sensors in one BSN to agree on a changeable cryptographic key. A previously published scheme, fuzzy vault, is firstly applied to secure the random cryptographic key generated from electrocardiographic (ECG) signals. Simulations based on ECG data from MIT PhysioBank database, produce a minimum half total error rate (HTER) of 0.65%, which demonstrates our key distribution solution is promising compared with previous method, with HTER of 4.26%.