The implementation of the Lock and unlock method is one the most popular topic in this discussion board. Partly because there are a lot of ways to implement them. To tell the truth, I don't know what is the best design. Just like you, I doubt my design too, I still do. If your design works for you, it should be OK.
As to your question:
1. I used a Collection.
2. I just store record number.
3. I didn't try to identify clients.
4. I didn't implement timeout.
I saw other passed SCJDs who did exactly the opposite.
Good luck!