The principle behind this approach seems sound: I would make one small adjustment though. All the info included in the string that you are hashing is public and the method used to hash is public too meaning that the hash generation process can be duplicated by anyone. You need to salt the hashing process to prevent having the whole scheme compromised though data or process duplication.