Your idea is quite usable. It addresses the OP's concerns, and mine, and others in this thread.
I would suggest that there be protections from server admins as well. The only thing a server admin should be able to do is either remove the blueprint/design from the server, or to add the blueprint/design to the server. I have heard of, but never experienced, server admins stealing/copying blueprints. I can understand people having a bit of paranoia about this.
I disagree with you on the server admin's access; administrative level entity duplication has proven a necessary evil. Quite frankly, if you can't trust a server admin, you really shouldn't be there.
Although thinking about this more...in pursuit of the original posting's intent (to hinder easy wholesale entity duplication), I could agree with you on this point. Admins still have the option of copying raw files from the server, using the commands /change_sector_for_copy or /change_sector_copy and/or of capturing an entire sector for evaluation in SP, so we could still capture an entire (abusive) design if deemed necessary.
Preventing the in-game capture by admins just makes it more difficult to do our jobs. As an Admin myself, I have mixed-feelings about that, on one hand I imagine that all responsible admins have zero interest in theft/redistribution of designs, I also understand a player's desire for an illusion that an Admin can't steal designs. Abusive designs have proven a fairly serious, but also rare, issue: so I'm OK putting in the extra duplication effort if it means players feel their designs are more protected, and therefore are more apt to play.
My original frame of mind when including "...Entity flag can be set either by admin (anytime) or by player (only when spawning)..." was to enable an ability for admins to toggle that flag: so that if a player spawned an original design, they could ask an Admin for help to reverse that decision in the future (e.g. if the player had applied major revisions, and wanted to re-blueprint). In hindsight, to fulfill this particular objective, the game could just permit the original spawner to toggle this flag anytime.
I think HolyCookie's idea of adding some meta info concerning ownership is a good idea. Something that people can see, for example, when someone hits R on the core and then enters build mode, they could see the ownership details.
The game's existing BP system does already store such metadata, and BP ownership is already visible in-game. I also agree that existing entity metadata should be generally visible to players, such as the existing "spawner" and "lastModifier" fields.
What I believe
HolyCookie is seeking, is a means of tying that information to blueprints as well, and making that information more readily visible to all players, preferably using processes that could not be unduly manipulated once someone has a raw BP file. PGP/GPG style signatures on blueprints would help fulfill that criteria.